Can the AFP password be made case insensitive?

  • 3662858
  • 12-Jul-2007
  • 27-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 5
Novell NetWare 6.5 Support Pack 6
Native File Access Protocols
Universal Password

Situation

When creating a password policy, you can specify in the policy whether the password should be case sensitive or not. However when setting the password policy to make the passwords case insensitive, this works for Windows workstations connecting through the Novell client for Windows but it does not work for AFP clients.

Resolution

The only way to make AFP passwords case insensitive is to load AFPTCP.NLM with the CLEARTEXT command line option. This will however cause the workstations to send the password in clear text over the network and might be a security issue.
NOTE: Without the CLEARTEXT option, it is technically impossible for the server to handle the password in a case insensitive way. In fact, the password is hashed on the client side and the server will never see what exact case the user used when entering the password. The server can only apply the same hash to the password stored in eDirectory and compare it with the hashed password sent by the client.

Additional Information

Native File Access for Macintosh (AFPTCP.NLM) supports the User Autentication Methods (UAM) Random Number Exchange and Two-Way Random Number Exchange for secure authentication. According to the Apple Filing Protocol version 3.1 specification from Apple, these UAMs require a case-sensitive password.