Security Services 2.0.5 Readme

October 8, 2007


About This Readme

This file contains installation instructions and issues related to Security Services 2.0.5 (Novell Certificate ServerTM 3.3.0, NICI 2.7.3, NMASTM 3.2.0, and NTLS 2.0.2).

1.0 Prerequisites
1.1 Minimal and Custom Install Prerequisites
2.0 Installation Instructions
3.0 Security Services General Issues
4.0 Certificate Server 3.3.0
4.1 Issues Resolved
4.2 Installation Issues
4.3 Administration Issues
5.0 NICI 2.7.3
5.1 Issues Resolved
5.2 Administration Issues
6.0 NMAS 3.2.0
6.1 Issues Resolved
6.2 Installation Issues
6.3 Administration Issues
6.4 Universal Password Issues
7.0 NTLS 2.0.2
7.1 Issues Resolved
8.0 NMAS Methods 2.7.5
8.1 Issues Resolved
8.2 Methods and Sequences Issues
9.0 Fixes in Previous Security Services Patches
9.1 Security Services 204
9.2 Security Services 203
9.3 Security Services 202
9.4 Security Services 201
10.0 Legal Notices


1.0 Prerequisites

Security Services 2.0.5 can be installed on eDirectoryTM 8.7.3 SP9, eDirectoryTM 8.8 SP1, or eDirectoryTM 8.8 SP2.
***See note below about eDirectoryTM 8.8 SP2.***
***See note below about NetWare 6.5 SP7.***

This bundle will install on the following platforms:

NOTE:eDirectoryTM 8.8 SP2, fresh installs of NetWare 6.5SP7, and NetWare 6.5 Support Pack 7 include most of the bug fixes from Security Services 2.0.5. There are a few bug fixes that were not included in eDirectoryTM 8.8 SP2 and NetWare 6.5 SP7.


Issues Resolved in Security Services 2.0.5, which were not included in eDirectoryTM 8.8 SP2 and NetWare 6.5 SP7

NOTE: If you have installed eDirectoryTM 8.8 SP2 and you are not using Encrypted Replication or the CertMutual NMAS login method, then there is not a need to install Security Services 2.0.5 on top of eDirectoryTM 8.8 SP2. However, if you have installed eDirectory 8.8 SP2 and are using Encrypted Replication or the CertMutual NMAS login method , we recommend you install Security Services 2.0.5 on the eDirectoryTM8.8 SP2 server.

NOTE: The Security Services 2.0.5 patch copies newer schema files to the server, however they are not extended by default. Some newer functionality (such as the new Passwords iManager plug-in) will not work until schema has been extended manually. Please see eDirectory Documentation for instructions on extending schema. Schema needs to be extended once per tree. (The schema files which need to be extended are: nmas.sch, nspm.sch, notf.sch, and nsimpm.sch)

NOTE:If running eDirectory 8.7.3 or eDirectory 8.8/8.8 SP1 in certain cases NDSD can core when shutting down ndsd or when using embox. If you are NOT using embox/dsbk, you can comment embox out of the ndsmodules.conf and restart ndsd. If you are using embox/dsbk, you can create a symbolic link (see below) after installing Security Services 2.0.5.
To resolve this coring issue, recreate the softlink as follows after the install:
ln -s /etc/opt/novell/nici.cfg /etc/nici.cfg

Please see TID# 3154121 and TID# 3950804 for more details.

NOTE: If you are installing the Security Services 2.0.5 patch on a NetWare 6.5 server with eDirectory 8.8 SP1 installed, you MUST apply eDirectory Post 8.8 SP1 FTF1 for NetWare (or greater) prior to applying the Security Services 2.0.5 patch or the install will hang. If you did not apply the eDirectory Post 8.8 SP1 FTF1 (or greater) patch before installing the Security Services 2.0.5 patch and the installation hangs, apply the above patch and rerun the Security Services 2.0.5 install.

NOTE:If you install NetWare 6.5 SP6 and upgrade to eDirectoryTM 8.8 or eDirectoryTM 8.8 SP1, the eDirectory install will backrev NMAS, PKIS, NICI and NTLS. If this happens, reapply the Security Services 2.0.5 patch.

This bundle has been tested with eDirectoryTM 8.7.3 SP9, eDirectoryTM 8.8 SP1, and eDirectoryTM 8.8 SP2. Novell recommends one of these minimum versions be installed prior to installing Security Services 2.0.5.

The Security Services 2.0.5 patch installs Novell Certificate Server 3.3.0, NICI 2.7.3, NMAS 3.2.0, and NTLS 2.0.2 using one integrated install script.


1.1 Minimal and Custom Install Prerequisites

If you have performed a minimal or custom install of Open Enterprise Server (OES), SUSE Linux Enterprise Server (SLES), or Red Hat Advanced Server, you may be lacking a dependent module needed by this Security Services 2.0.5 patch. The Security Services 2.0.5 patch is dependent on the Compat library being installed on your server. You can identify the installation of this module on your server by running the following command:

rpm -qa |grep compat

For OES or SLES, look for this command to return compat-2004.7.1-1.2 or later.

For Red Hat, look for compat-libstdc++-296-2.96-132.7.2 or later.

If you don't have the Compat module installed, the module can be found on your install CDs.


2.0 Installation Instructions

  1. Select "Security Services" from the "Product or Technology" dropdown at the Novell Downloads Web site and download the necessary platform-specific download for the Security Services 2.0.5 patch.

    • For NetWare - select ss205_NW.tgz
    • For Linux, Solaris, HP-UX, and AIX - select ss205_SLAH.tgz
    • For Windows - select ss_setup.exe
    • For NMAS Methods updates on all platforms - download nmmthd275.tgz
  2. On NetWare, Linux, Solaris, HP-UX, and AIX servers, extract the download to a temporary directory on the server.

    • For NetWare use a decompression utility that supports tgz, such as WinZip.
    • For Linux, Solaris, HP-UX, and AIX servers, use gzip and tar to decompress and extract the tarball to a temporary directory.

      For example, gzip -d -c ss205_SLAH.tgz | tar xvf -

  3. Run the installation script.

    NOTE: If you are installing the Security Services 2.0.5 patch on a NetWare 6.5 server with eDirectory 8.8 SP1 installed, you MUST apply eDirectory Post 8.8 SP1 FTF1 for NetWare (or greater) prior to applying the Security Services 2.0.5 patch or the install will hang. If you did not apply the eDirectory Post 8.8 SP1 FTF1 (or greater) patch before installing the Security Services 2.0.5 patch and the installation hangs, apply the above patch and rerun the Security Services 2.0.5 install.

    On NetWare servers, load NWCONFIG and select Product Options > Install product not listed, then press Enter. Press F3 and enter the path to the extraction directory (for example, sys:temp\ss205_nw\), then follow the installation prompts.

    On Windows servers, double-click the ss_setup.exe file.

    On Linux, Solaris, HP-UX, and AIX servers, go to the extraction directory (for example, temp\ss205_SLAH\) and run the install.sh script. The script detects if you are on Linux, Solaris, HP-UX, or AIX and installs the corresponding packages.

    NOTE: If any component of the directory in the path for the Security Services install script contains a space, the install on Linux fails. Please verify the path for the install script does not contain any spaces.

  4. NOTE:  For NMAS Method updates on all platforms, download and install nmmthd275.tgz. To install NMAS methods, extract nmmthd275.tgz to a temporary directory, then use the NMAS iManager plug-in or nmasinst to install/update your methods. (See nmasinst -help for more information on using nmasinst.) To use the NMAS iManager plug-in, select the NMAS Role | NMAS Login Methods | Select the desired NMAS Method and select "Update" | point to the zip file for the selected NMAS Method.

    NOTE: Methods are installed once per tree.


3.0 Security Services General Issues

This release of Security Services will not update the security components for an eDirectoryTM 8.8 or eDirectoryTM 8.8 SP1 tarball installation. Please install eDirectoryTM 8.8 SP2 to update a tarball installation. You can download eDirectoryTM 8.8 SP2 at the Novell Downloads Web site.


4.0 Certificate Server 3.3.0

For detailed Certificate Server documentation, see the Certificate Server documentation Web site.


4.1 Issues Resolved in PKI 3.3.0


4.2 Installation Issues


4.3 Administration Issues


5.0 NICI 2.7.2

For detailed NICI documentation, see the NICI documentation Web site.


5.1 Issues Resolved


5.2 Administration Issues


6.0 NMAS 3.2.0

For detailed NMAS documentation, see the NMAS documentation Web site.


6.1 Issues Resolved

  • Bug 169581 - (Enhancement) Increased LDAP Bind performance with NDSD_TRY_NMASLOGIN_FIRST=true
  • Bug 198083 - After applying SSP201 scrsaver.nlm will not unlock screensaver with users that have a network address restriction applied equal to the server IP Address
  • Bug 207777 - (Enhancement) Intruder detection, allow account to be locked indefinitely
  • Bug 222419 - (Enhancement) Allow NMAS to use external Certificates for Novell Audit
  • Bug 230950 - Scrsaver.nlm fails to unlock screen if admin user has a default sequence defined
  • Bug 233069 - (Enhancement) Fail over to NDS method when default is not possible
  • Bug 235403 - (Enhancement) NMAS evaluates X number of characters to support character limited systems
  • Bug 235884 - Minimum and Maximum upper and lower case rules confusing.
  • Bug 240427 - Remove Password history values if they can't be decrypted on password changes/FFFFFA78 error when trying to change a password
  • Bug 258105 - (Enhancement) Limit Universal password access to only admins of a special group
  • Bug 253852 - NMAS spmnwcc 'breaks' legacy functionality of addr restrictions
  • Bug 254685 - NMAS error -1642 when trying to autoprovision for the first time with NCP.
  • Bug 260538 - Unable to get nspm password(2) failed, -1697
  • Bug 267496 - 16022 errors in IDM trace when no maximum password length specified or if minimum and maximum password lengths are set to be the same value
  • Bug 267748 - Generate Password token gives -6022 NMAS error when nspmMinUniqueCharacters is equal to nspmMaximumLength
  • Bug 274573 - 3rd party NMAS method only works one time, next authenticiation -1662
  • Bug 285723 - (Enhancement) Don't set pwd expiration forward when user cancels out of password change
  • Bug 291259 - Generate Password noun does not abide by rules with Microsoft Complexity
  • Bug 299984 - Minimum password length is changing to 0 when using Microsoft Complexity Policy


6.2 Installation Issues

No installation issues for this release.


6.3 Administration Issues

No Administration issues for this release.


6.4 Universal Password Issues

  • If you are using a Simple Password method version that shipped previous to eDirectory 8.7.3, you may run into an issue with Simple Password when users authenticate through LDAP. You might find that the Universal Password did not synchronize with the Simple Password. To remedy this problem, update the Simple Password method to the version included in this release. The Simple Password method can be updated by using nmasinst or the NMAS iManager plug-in. The Simple Password method is found in the nmmthd275.tgz download. Once extracted, the Simple Password Method is found in the nmmthd275\novell\simplepassword directory.

  • The NDS password is migrated to the Universal Password when doing an LDAP bind if eDirectory 8.8.x is installed and configured to use NMAS login for LDAP binds. Information on configuring eDirectory to use NMAS login for LDAP binds can be found at the eDirectory Documentation Web site.


7.0 NTLS 2.0.2


7.1 Issues Resolved

  • Bug 286166 - ldap refresh causes memory build up in xmgr(NICI)
  • Bug 326676 - ndsd core using Encrypted Replication
  • Bug 329130 - Certmutual logins fail with ldap error 81


8.0 NMAS Methods 2.7.5


8.1 Issues Resolved

  • Bug 222681 - Challenge Response LSM returns successful authentication on unparseable XML challenge set
  • Bug 257677 - Typo in Challenge Response method file
  • Bug 261059 - Attempting to authenticate using Challenge Response method causes core on SLES 9 server
  • Bug 275840 - If NMAS sequence is set to Challenge/Response but user has no challenge set, error FFFFFDA5(603)
  • Bug 279684 - DIGEST-MD5 (2.7.4) authentication fails with Invalid credentials (49) or -1632


8.2 Methods and Sequences Issues

  • The following NMAS methods have been end of lifed and were removed from Security Services 2.0.4 (and greater) release:
    • Advanced X.509 Certificate
    • Enhanced Password
    • Entrust*
    • NDS Change Password
    • Simple X.509 Certificate
    • Universal Smartcard
    • Simple Password Login Client Module (LCM)
  • The NMAS MethodInstaller is end of lifed and has been replaced by the new iManager NMAS plug-in.
  • nmasinst does not have an option to remove NMAS methods. This must be done using iManager. See the NMAS Administration Guide for more information.


9.0 Fixes in Previous Security Services Patches


9.1 Security Services 204 Issues Resolved


Issues Resolved in PKI 3.2.2

  • 189937 PKI is not calculating UTC minutes when populating a KMO's NDSPKI:Not Before and Not After values
  • 193288 CA not operational error when you try to Issue Now a CRL
  • 196355 The default certificate : SSL CertificateDNS is not been created in Solaris
  • 214074 Error when trying to add a Novell Extension to a certificate when the CA doesn't have a Novell Extension
  • 217064 Added EKU of Encrypting File System support.
  • 219178 Added support for RFC 2985 (Certificate Extensions in a CSR)
  • 231859 verifyCertificate API getting error Basic Constraints: Subject Path Length violation -1258
  • 240946 eDir cored in module NPKI when restarting server


  • Issues Resolved in NICI 2.7.2

  • 150641 Implement changes in NICI to meet FIPS requirements
  • 220505 Bsafe vulnerablilities VU#845620- https://www.kb.cert.org/vuls/id/
  • 225160 NW Password Hash sometimes does not process null passwords correctly
  • 228088 With NMAS & NICI Clients installed attempt to login, the nwtray shuts down.
  • 228777 Abend PFPE in XMGR.NLM at code start +000184DDh


  • Issues Resolved in NMAS 3.1.3

  • 85092 Enable Excluded Passwords list to include wildcards.
  • 175663 nmasinst cannot login to the tree without -h option on Linux
  • 199328 Universal Password setting to not expire passwords when changed by admin
  • 206030 Added Password change timestamp attribute
  • 206616 Expanded containment rules for nspmPasswordPolicy, nsimChallengeSet, nspmPasswordPolicyContainer
  • 206875 Added an option that removes the oldest passwords from the password history when the number of passwords in the history exceeds a configured limit.
  • 213208 1644 with NMAS authentications (linux/unix only)
  • 218659 Added an NMAS Attribute ID that will return a typefull DN
  • 219902 ndsd core dump on AIX in nmasRefresh
  • 221521 ndsd core dump on Linux in nmasRefresh
  • 225549 Core/Abend when Blank or Null password is set
  • 225759 Can't read Post Login Config or Secretstore from a PLSM
  • 227957 Once password history is full, with "Verify whether existing password complies..." turned on, each login the user password is expired
  • 227940 NMAS abend after updating to NMAS 3.1.2 on BorderManager 3.8 SP5 VPN serverv
  • 231409 nmasinst.nlm not updating local server with nmas extensions
  • 238522 Added additional trace messages for failures loading and unloading methods
  • 238316 Removing Universal Password attributes with "Verify" option enabled, causes password migration and states password is expired
  • 238812 NMAS causes core when there is not a handler for the trace messages.
  • 246447 IDM setting/reading simple password error 1659, 9065


  • Issues Resolved in NTLS 2.0.1

  • 209320 double-free of NICI ctx inside ssl_ctx_read_kmo
  • 214034 OpenSSL vulnerability -RSA Signature Forgery (CVE-2006-4339)
  • 225588 CertMutual method fails with -16049 error - SLES 9 SP3 server
  • 235496 NetWare 6.5 SP6 abends if LDAP server is associated to an empty Trusted Roots container
  • 235496 NetWare 6.5 SP6 abends loading Apache


  • Issues Resolved in NMAS Methods 2.7.4

  • 159239 jndi md5-digest fails with international chars in username using due to using "ISO-8859-1" charset for username in hash
  • 165396 Receive text strings from challenge/response in utf-8
  • 197189 Long questions in Challenge/Response gives -1639 error
  • 201718 Ampersand (&) in Challenge/Response question or answer causing NMAS error -1665
  • 203067 The 2.7.2 DigestMD5 LSM may hang while unloading on Netware
  • 203068 The 2.7.2 CertMutual LSM may hang while unloading on Netware

  • 9.2 Security Services 203 Issues Resolved


    NPKIAPI 3.21

  • 204986 (npkiapi) Downgrading CA will cause new certificate creation to fail

  • NICI 2.7.0.2

  • 100339 NICI keys do not migrate when running Migration Wizard - Migration Fails

  • NMAS 3.1.2

  • 156294 nmasinst for NetWare requires password in clear text on console.
  • 163512 Expiring a user's password with grace logins resets after one login without changing the password.
  • 164979 NMAS - remove fopen, fclose, etc calls
  • 178618 Require a password not being honored correctly
  • 189988 Failed login delay not reset to default after Login Policy attribute deleted
  • 195516 Security Vulnerability - NMAS BerDecodeLoginDataRequest DoS Vulnerability
  • 196276 Null charactor on Simple Password is dropped when UP writes to simple
  • 201321 User unable to do NMAS authentication via IPX after applying NMAS 3.1.1
  • 201688 Mapping a volume via CIFS abends server in NMAS.NLM (Owned by CIFSPROX.NLM)
  • 201975 Maximum password length not enforced for password change or set
  • 201991 nmasldap_check_login_policy can cause NetWare to ABEND
  • 202028 Invalid parameters to nmasldap_set_address_policy can cause server to ABEND
  • 204330 Challenge Response questions\answers being written to multiple servers
  • 204358 Memory leak in MAF_MemMalloc
  • 205436 NMAS abending when logging in with NCP cilent
  • 206878 659 in nmas trace while doing ldapbinds, even when time is in sync
  • 207307 Network address restriction is not being enforced with SSP 202
  • 209313 Abend when auditing enabled
  • 209857 SPMNWCC.NLM causes FTP logins to go through NMAS and experience long delays on exref server
  • 210217 NMAS Simple Password Binds are Failing in AIX 5.2 with eDirectory 8739

  • NTLS 2.0

  • No NTLS bugs fixed since last release

  • NMAS Methods 2.7.3

  • 155575 Challenge ResponseClient truncates Challenge question if longer than 77 characters.
  • 161037 Random ASCII characters displayed in place of in the French challenge questions when displayed from the Novell Client.

  • 9.2 Security Services 202 Issues Resolved


    Certificate Server 3.2

  • 85166 rootcert.der needs to be created during the post-install if it doesn't exist
  • 86009 NPKIT setting umask
  • 115446 Add Private Key to PEM type
  • 160113 Import user cert, error -603
  • 161024 Removed fopen and fclose calls (Solaris)
  • 173703 Timing abend isssue in pki.nlm
  • 174590 Enable Allowable Subject Names matching for User Self-Provisioning
  • 178655 Need a way to use the newest CRL rather than a cached one when validating certificates

  • NICI 2.7

  • No NICI bugs fixed since last release

  • NMAS 3.1.1

  • 143676 NMAS is not clearing "Incorrect login count" when the "Intruder attempt reset interval" had elapsed.
  • 146019 NMAS generates Novell Audit events which in turn auto loads logevent.nlm and fills up the HD,need configuration option to turn NMAS audit off
  • 147631 nmasldap_check_login_policy() does not handle grace logins.
  • 149372 Associating Universal Password Policy on a container expires users passwords if their password doesn't comply with the Policy
  • 150726 Login with iManager for a user which has been moved to a long named OU, shutsdown the NDSD service on SLES 9
  • 151261 NMAS LSC file contains 2 entries with same ID.
  • 156122 LSM audit events should use method name not library name for "component" field in audit events
  • 156123 Update audit event file to support audit's new event groups feature
  • 156294 nmasinst for NetWare requires password in clear text on console.
  • 156949 nmasinst displays debug messages
  • 158260 MAF_DS functions need to be updated
  • 159917 NDS method is created without the sasMethodVersion attribute
  • 161308 ndsconfig add is failing
  • 164568 If the nspmExcludeList is not terminated causes an abend
  • 164929 Password history not enforced if password is expired
  • 165179 Core dump on performing LDAP Search / Add / Modify & Delete operations as different users who are members of different dynamic groups
  • 167505 Unknown error -338 occurred during ndsconfig while configuring NMAS service
  • 169483 Password History is not case sensitive
  • 169490 Password policy does not function properly when Verify password on login and Restrict days before password can be changed are both enabled
  • 173350 In certain cases, Password is expired when incorrect password is attempted.
  • 175412 With the password management property, we are currently able to set the nspmDistributionPassword, but we are not able to read the password.
  • 178722 Not able to set simple password (when treekey is DES, instead of 3DES)
  • 178777 ERROR: -1658 DALCreateLoginSession:GetXKey after uploading users with Passwords
  • 182893 After upgrading to NMAS 3.1, Post Login methods (Secure Workstation) break and give 1660 and 1652 errors
  • 184157 Login fails because Account is Locked, even though Locked By Intruder is False
  • 189684 NDS method set the UP everytime a user logs in, when the advanced UP rules are not enabled
  • 195671 NMAS memory leak in NMAS 3.1.0.1 (eDirectory 8.8 SP1)
  • 197221 Potential for NMAS to cause 100% utilization when users have many authorized clearances assigned to them

  • NTLS 2.0

  • No NTLS bugs fixed since last release

  • 9.3 Security Services 201 Issues Resolved


    Certificate Server 3.1.1

  • 128484 Cert Server is selected by default for a post-install on NetWare 6.5/OES. Files are downgraded if the post-install is over eDirectory 8.8.
  • 130661 Fix for the dynamic load of DClient symbols problem.
  • 143988 Fix for ASN.1 error with decoding CRL Distribution List.
  • 148939 Pkiinst now creates security objects.
  • 150533 A CRL is now created when the CA is created on second server.

  • NICI 2.7

  • No NICI bugs fixed since last release

  • NMAS 3.1

  • 71160 Added Verify Password Meets Policy on Login support for Client32TM (4.9.1 SP2).
  • 84957 Added an NMAS LDAP extension to force NMAS policy refresh for all platforms.
  • 85016 Added NMAS LDAP extension to check the login policy for a user and to update a user's login statistics.
  • 85024 NDS Proxy LCM no longer times out setting the Universal Password if NDS LSM fails.
  • 85042 Added AD complexity Password Policy.
  • 85054 Added Filtered Replica Support for Universal Password.
  • 85129 With 2000 concurrent client binds, an NMAS server no longer runs out of threads.
  • 85567 Notification of intruder lock on Windows is now to a log file, not in message boxes.
  • 97843 A remote upgrade from NW65 to NW65 SP4 no longer returns NMAS Login Methods could not be created errors.
  • 97779 Setting Simple Password no longer fails with error -603.
  • 105869 Ldapbinds from 300 clients no longer gives errors -669 and -6038.
  • 114164 There is no long delay when setting password.
  • 114187 Clients login test to mixed Linux and NW tree no longer gets System could not log you into the network" errors.
  • 115031 When a users password has expired, it now shows the change password screen in iManager 2.5.
  • 117472 Can now set Simple password through LDAP after applying NMAS 2.3.9.
  • 120572 Ldapsearch no longer fails with -632 error with wrong password before migrating the password (after enabling UP).
  • 124321 IPX login no longer fails with Network Address Restrictions set to all nodes FFFFFFFFFFFF and with NMAS enabled.
  • 131328 IPX Address restriction has been corrected.
  • 133910 NDSD no longer cores in NMAS after applying Solaris 8 cluster patch dated 11/10/05.
  • 134196 When user has address restrictions set, a client login no longer causes NMAS to abend.
  • 136716 Segmentation fault was corrected in spmDDCAtLoginEndCallBack when DDCVerifyPassword is called.
  • 137705 Added configurable login delay.
  • 142068 Added an API to retrieve the previous distribution password.
  • 142221 Policy Refresh Rate setting is now effective.
  • 143676 The intruder count is now cleared after exceeding the intruder expire date.
  • 144147 LDAP bind no longer fails when password is expired and the number of grace remaining is not zero.
  • 144358 Password lifetime is not enforced when the password is expired.
  • 145614 A trace message has been provided to report invalid SASL mechanism.
  • 147780 User can now do NMAS authentication via IPX after applying NMAS 2.3.9 or NMAS 2.4.0.

  • NTLS 2.0

  • No NTLS bugs fixed since last release

  • 10.0 Legal Notices

    Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

    Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

    Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

    Copyright 2007 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

    Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.

    Novell and NetWare are registered trademark of Novell, Inc. in the United States and other countries.

    eDirectory, Novell Client, Novell Certificate Server, and NMAS are trademarks of Novell, Inc.

    All third-party trademarks are the property of their respective owners.