NetWare 5.1 Password Questions

Do you know of a password tool that will search for simple Novell username passwords and let us know if they don't meet our 8-character complex password requirement (numbers + letters)?  

Also, is there a password cracking tool that'll allow me to try and crack our user's current passwords to make sure we're secure?  I need to somehow export the user's passwords and test since I don't want to lock out accounts on a live server.
alfalibraAsked:
Who is Participating?
 
PsiCopConnect With a Mentor Commented:
These queries tread dangerously close to the limits of the EE Member Agreement. Even if I knew I password cracking tools for the NetWare environment, I wouldn't tell you that I did or tell you what they are. That's simply not done around here. If you have a legit need for a security audit, hire a legit security auditing contractor, or go to school to develop the necessary expertise.

There is no password cracking or password export in the NetWare environment. The passwords are not stored in plain text - they are encrypted, using a trapdoor algorithim. There is no way (in theory) to take an encrypted password and reverse the encryption to get the original password. Any cracks have to be brute-force, and that's what the Intruder Lockout function is there to prevent (you DO use Intruder Lockout, right?).

If you want to make sure all user passwords in your organization meet your 8-character minimum, that is simple:

1) Set all accounts to require a password, and to require an 8-character minimum, and to a limited number of grace logins
2) Expire the current password on all existing accounts

You may wish to exempt "service" accounts or accounts with a special purpose. Anyway, all users will be forced to change their password (if they don't, they'll eventually be locked out - how soon that happens depends on the number of grace logins you specify), and the new password will have to be a minimum of 8 characters.

There is, unfortunately, no ready way to enforce a password complexity requirement (only a length requirement) in the stock NetWare environment. You'd have to custom code that, or find someone who's done it in a open-source fashion. I don't know anyone offhand.

I think you will find the JRB Utilities (http://www.jrbsoftware.com) of a great deal of use as you audit your environment. You should invest in such a tool.
0
 
ShineOnCommented:
What you should do, if you want to enforce strong passwords, is upgrade your NetWare.  NetWare 6.x, using the latest eDirectory version, can enforce strong passwords, limit password length (min and max), use a dictionary of common words to disallow their use, and more.
0
 
ShineOnCommented:
I just mentioned a way to enforce complexity in the stock NetWare environment, by the way...
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
PsiCopCommented:
He'd have to upgrade, but I confess I didn't know what about v6.5/eDir 8.7.3. Can you point out some docs on that?
0
 
ShineOnCommented:
It's part of the NMAS, which was rolled into eDirectory 8.7.3 - no longer a separate product.  If you look at the eDir 8.7.3 docs, it tells about it.  I'm kind of on hold, in the middle of implementing it.
0
 
PsiCopCommented:
Ah. NMAS. We don't use it, so I never explored it. Thanks for clarifying.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.