Novell Doc: Novell Client 4.91 SP5 for Windows XP/2003 Installation and Administration Guide

6.2 Managing Passwords

Starting with NetWare 6.5 and eDirectory™ 8.7.3, Novell provides password management tools that help administrators secure the network with stronger passwords and reduce password management by enabling end users to manage their own passwords. This set of tools is referred to as Universal Password.

With Universal Password, users can employ a single username and password to access networks, applications, devices, Internet sites, online services, portals, and more. Administrators can reduce or eliminate the mundane task of resetting user passwords when they are forgotten or lost. Universal Password also manages multiple types of password authentication methods from disparate systems and provides extended password management capabilities. Universal Password is made possible by Novell Modular Authentication Services (NMAS^™) advanced authentication technology that allows for multiple methods of authentication, including simple passwords, smart cards, biometrics, tokens, and digital certificates.

Universal Password uses eDirectory plus NMAS to create just that—a “universal password” that is used for access to all resources. This password takes the place of the combination of simple passwords, NDS^® passwords, and enhanced passwords in eDirectory, and allows for the enforcement of strong password policies, such as minimum or maximum number of characters, a combination of alphabetic and numeric characters, and forced password reset.

In addition, password policies let users set a hint for their passwords. If a password is entered incorrectly or is forgotten, users can click Did you forget your password? and retrieve the hint they entered to help them remember their password. This reduces administrator time spent resetting forgotten passwords.

For more information on deploying universal passwords, see the Universal Password Deployment Guide in the Novell Modular Authentication Services 3.0 Administration Guide and Managing Passwords by Using Password Policies in the Novell Password Management Administration Guide. It is important that you understand the requirements for using these advanced password policies before rolling out any password changes to your network.

The Novell Client™ takes advantage of several of the features provided in Universal Passwords, including

Stronger password policies set in iManager.
Display of password requirements on the Change Passwords screen so that users know what policies you have set for passwords.
Access to password hints to help users remember their passwords.
Support for changing passwords.
Challenge/response for password reset.

6.2.1 Creating Strong Passwords

Password policies allow you to set strong password policies such as minimum or maximum number of characters, a combination of alpha and numeric characters, and forced password reset. You set password policies in Novell iManager and then assign them to users. Administering passwords by using Novell iManager automatically sets the Universal Password to be synchronized to simple and NDS password values for backwards compatibility. The NMAS task in iManager allows for granular management of individual passwords and authentication methods that are installed and configured in the system.

For more information on setting up password policies in iManager, see Managing Passwords by Using Password Policies in the Novell Password Management Administration Guide. Make sure that you read this documentation and understand the requirements before rolling out any password changes to your network.

Then, use the Password Policy Wizard in iManager to set up the policies.

Make sure you have completed the steps in Prerequisites for Using Password Policies in the Novell Password Management Administration Guide. These steps prepare you to use all the features of password policies.
In iManager, click Password Management > Manage Password Policies.
Click New to create a new Password policy.
Follow the steps in the wizard to create Advanced Password Rules, Universal Password Configuration Options, and Forgotten Password selections for the policy.

For information about each step, see the online help as well as the information in Managing Passwords by Using Password Policies in the Novell Password Management Administration Guide.

6.2.2 Displaying Password Requirements for End Users

Password policies ensure that passwords adhere to administrator-defined criteria. The user can examine these criteria by clicking the Password Policy or Policy button in any of the Change Password dialog boxes.

Figure 6-1 Change Password Dialog Box

Figure 6-2 Change Expired Password Dialog Box

The following is an example of the password criteria displayed in the Novell Client Password Policy dialog box.

Figure 6-3 Novell Client Password Policy Dialog Box