I don't think so. The password property of the user object has a security
equivalent to the bindery, meaning that only NetWare can directly read it
and change it. NetWare provides two functions to handle passwords:
1. Change the password - you have to be the same user as the object
or the supervisor to do this.
2. Verify the password - you pass Netware a string which you think
is the password of the user object and NetWare will tell you
if it indeed was the password.
Kevin Pinto ag...@acvax.inre.asu.edu
Chem Engg, ASU, Tempe, AZ
>I don't think so. The password property of the user object has a security
>equivalent to the bindery, meaning that only NetWare can directly read it
>and change it. NetWare provides two functions to handle passwords:
You can, of course, read it right out of net$val.sys after locking
the bindery. And, of course, it is encrypted.
A 15 minute investigation shows that the password is stored in (at least?)
16 characters, and, of course, change 1 and all 16 characters change.
Rumour has it that Novell's encryption algorithm is Lossy.
Having absolutely no Crypto-Background, I have no Idea whether Novell's
Algorithm is Secure, but I hope so, because it only takes about 10 or
so seconds (depending on how large your bindery is) to get a snapshot
of the Bindery. Better not leave your terminals unattended.
Some things to be aware of, anybody capturing your bindery
this way will leave a bit of a trail,
1) A bindery lock will appear on the system console.
2) The bindery lock will be recorded in the sys$log.err file.
Of course the Competent cracker will erase both of those traces.
Furthermore, leaving your console unsecure gives the cracker the
ability to instantly create a supervisor Equiv user. Sigh. So
Secure that Terminal.
| Gordon Harry Shephard | Distributed Computing Support Group |
| Academic Computing Services | Phone: (604)291-3930 (604)464-4991 |
| Simon Fraser University | |
| Burnaby, BC, Canada. V5A 1S6 | shep...@sfu.ca |
| Disclaimer: In No Way am I speaking for my Employers or Simon Fraser |
| University. |
I basically want to move users from one server to another, or
want to give them access to another server with their same id and pswd.
Is there a way for me to sync and/or merge that part of the bindery?
I'm talking on the order of 500+ users.
>I basically want to move users from one server to another, or
>want to give them access to another server with their same id and pswd.
>Is there a way for me to sync and/or merge that part of the bindery?
>I'm talking on the order of 500+ users.
Hmmm. You could Install a Trojan Horse which captures their plain-text
password, and places it in a location (secure hopefully) for later account
creation (Of course this requires them to log in)
You can read out the encrypted string, but not the plaintext--it's not
there to read.
Gary Heston SCI Systems, Inc. ga...@sci34hub.sci.com site admin
The Chairman of the Board and the CFO speak for SCI. I'm neither.
Remember: A majority of the American people voted against *all* of the
Presidential Candidates. How encouraging....
Is there a utility that will just move that encrypted string to another
server? I really don't care what the password is, but would like to make a
partial server transition somewhat seamless to end users.
Hi Rich, here's what you need to do:
On your existing server, run bindfix. Bindfix will modify the bindery,
and create 3 backup files in the process: NET$OBJ.OLD, NET$PROP.OLD,
Copy these files into your new server's SYSTEM directory.
Run bindrest on your new server. You will now have all of your bindery
intact on your new server. Note that this will not move the users' login
scripts, printdefs, and certainly not any files in their directories.
To move that stuff, you'll need to xcopy the mail directory, and any other
directories that you need.
Your users will still have the same ids, so the mail directories will
Good luck, Rich.....
This will work. It's the active net$*.sys files which won't copy easily.
I've gotten half a dozen emails suggesting I do this. I've done it successfully
at least three times in the past. But this time, I have two binderies with
different users in them. I'd like to plop all the users (and passwords, etc)
from one into the other without destroying what's already in the target.
I've gotten several suggestions to just write a program that reads and writes
to the respective bindery too. Those kinda suggs are useless to me because I
would've already done so if I easily knew how. Thanks anyhow. rich
I disassembled the encryption routines used by Novell, and translated
them to C, you can ftp the source from dutiws.twi.tudelft.nl,
from directory /pub/novell : nvpw.c
I don't know if it is reversible, I tried encrypting strings of all
zeroes and 1 bit set to one, when you look at the result, there are
many encrypted strings almost equal, some are equal.
It can be implemented very fast, so brute force attacks may not be so