?
Solved

NetWare 5.1 Password Questions

Posted on 2004-09-22
6
Medium Priority
?
241 Views
Last Modified: 2012-06-21
Do you know of a password tool that will search for simple Novell username passwords and let us know if they don't meet our 8-character complex password requirement (numbers + letters)?  

Also, is there a password cracking tool that'll allow me to try and crack our user's current passwords to make sure we're secure?  I need to somehow export the user's passwords and test since I don't want to lock out accounts on a live server.
0
Comment
Question by:alfalibra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 2000 total points
ID: 12130141
These queries tread dangerously close to the limits of the EE Member Agreement. Even if I knew I password cracking tools for the NetWare environment, I wouldn't tell you that I did or tell you what they are. That's simply not done around here. If you have a legit need for a security audit, hire a legit security auditing contractor, or go to school to develop the necessary expertise.

There is no password cracking or password export in the NetWare environment. The passwords are not stored in plain text - they are encrypted, using a trapdoor algorithim. There is no way (in theory) to take an encrypted password and reverse the encryption to get the original password. Any cracks have to be brute-force, and that's what the Intruder Lockout function is there to prevent (you DO use Intruder Lockout, right?).

If you want to make sure all user passwords in your organization meet your 8-character minimum, that is simple:

1) Set all accounts to require a password, and to require an 8-character minimum, and to a limited number of grace logins
2) Expire the current password on all existing accounts

You may wish to exempt "service" accounts or accounts with a special purpose. Anyway, all users will be forced to change their password (if they don't, they'll eventually be locked out - how soon that happens depends on the number of grace logins you specify), and the new password will have to be a minimum of 8 characters.

There is, unfortunately, no ready way to enforce a password complexity requirement (only a length requirement) in the stock NetWare environment. You'd have to custom code that, or find someone who's done it in a open-source fashion. I don't know anyone offhand.

I think you will find the JRB Utilities (http://www.jrbsoftware.com) of a great deal of use as you audit your environment. You should invest in such a tool.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12132558
What you should do, if you want to enforce strong passwords, is upgrade your NetWare.  NetWare 6.x, using the latest eDirectory version, can enforce strong passwords, limit password length (min and max), use a dictionary of common words to disallow their use, and more.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12133325
I just mentioned a way to enforce complexity in the stock NetWare environment, by the way...
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 34

Expert Comment

by:PsiCop
ID: 12133375
He'd have to upgrade, but I confess I didn't know what about v6.5/eDir 8.7.3. Can you point out some docs on that?
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12133545
It's part of the NMAS, which was rolled into eDirectory 8.7.3 - no longer a separate product.  If you look at the eDir 8.7.3 docs, it tells about it.  I'm kind of on hold, in the middle of implementing it.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12133615
Ah. NMAS. We don't use it, so I never explored it. Thanks for clarifying.
0

Featured Post

Introducing Priority Question

Increase expert visibility of your issues by participating in Priority Question, our latest feature for Premium and Team Account holders. Adjust the priority of your question to get emergent issues in front of subject-matter experts for help when you need it most.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
We are witnesses that everyone is saying that our children shouldn't "play" with a technology because it is dangerous. This article is going to prove that they are wrong.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month15 days, 11 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question