Environment
Novell NetWare 6.5 Support Pack 5
Novell NetWare 6.5 Support Pack 6
Native File Access Protocols
Universal Password
Situation
When creating a password policy, you can specify in the policy
whether the password should be case sensitive or not. However
when setting the password policy to make the passwords case
insensitive, this works for Windows workstations connecting through
the Novell client for Windows but it does not work for AFP clients.
Resolution
The only way to make AFP passwords case insensitive is to load
AFPTCP.NLM with the CLEARTEXT command line option. This will
however cause the workstations to send the password in clear text
over the network and might be a security issue.
NOTE: Without the CLEARTEXT option, it is technically
impossible for the server to handle the password in a case
insensitive way. In fact, the password is hashed on the
client side and the server will never see what exact case the user
used when entering the password. The server can only apply
the same hash to the password stored in eDirectory and compare it
with the hashed password sent by the client.
Additional Information
Native File Access for Macintosh (AFPTCP.NLM) supports the User Autentication Methods (UAM) Random Number Exchange and Two-Way Random Number Exchange for secure authentication. According to the Apple Filing Protocol version 3.1 specification from Apple, these UAMs require a case-sensitive password.