Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

NetWare 5.1 Password Questions

Posted on 2004-09-22
6
Medium Priority
?
243 Views
Last Modified: 2012-06-21
Do you know of a password tool that will search for simple Novell username passwords and let us know if they don't meet our 8-character complex password requirement (numbers + letters)?  

Also, is there a password cracking tool that'll allow me to try and crack our user's current passwords to make sure we're secure?  I need to somehow export the user's passwords and test since I don't want to lock out accounts on a live server.
0
Comment
Question by:alfalibra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 2000 total points
ID: 12130141
These queries tread dangerously close to the limits of the EE Member Agreement. Even if I knew I password cracking tools for the NetWare environment, I wouldn't tell you that I did or tell you what they are. That's simply not done around here. If you have a legit need for a security audit, hire a legit security auditing contractor, or go to school to develop the necessary expertise.

There is no password cracking or password export in the NetWare environment. The passwords are not stored in plain text - they are encrypted, using a trapdoor algorithim. There is no way (in theory) to take an encrypted password and reverse the encryption to get the original password. Any cracks have to be brute-force, and that's what the Intruder Lockout function is there to prevent (you DO use Intruder Lockout, right?).

If you want to make sure all user passwords in your organization meet your 8-character minimum, that is simple:

1) Set all accounts to require a password, and to require an 8-character minimum, and to a limited number of grace logins
2) Expire the current password on all existing accounts

You may wish to exempt "service" accounts or accounts with a special purpose. Anyway, all users will be forced to change their password (if they don't, they'll eventually be locked out - how soon that happens depends on the number of grace logins you specify), and the new password will have to be a minimum of 8 characters.

There is, unfortunately, no ready way to enforce a password complexity requirement (only a length requirement) in the stock NetWare environment. You'd have to custom code that, or find someone who's done it in a open-source fashion. I don't know anyone offhand.

I think you will find the JRB Utilities (http://www.jrbsoftware.com) of a great deal of use as you audit your environment. You should invest in such a tool.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12132558
What you should do, if you want to enforce strong passwords, is upgrade your NetWare.  NetWare 6.x, using the latest eDirectory version, can enforce strong passwords, limit password length (min and max), use a dictionary of common words to disallow their use, and more.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12133325
I just mentioned a way to enforce complexity in the stock NetWare environment, by the way...
0
Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

 
LVL 34

Expert Comment

by:PsiCop
ID: 12133375
He'd have to upgrade, but I confess I didn't know what about v6.5/eDir 8.7.3. Can you point out some docs on that?
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 12133545
It's part of the NMAS, which was rolled into eDirectory 8.7.3 - no longer a separate product.  If you look at the eDir 8.7.3 docs, it tells about it.  I'm kind of on hold, in the middle of implementing it.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12133615
Ah. NMAS. We don't use it, so I never explored it. Thanks for clarifying.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the most important things in an application is the query performance. This article intends to give you good tips to improve the performance of your queries.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question