Installation Guide

Authentication on NetWare platforms

In previous releases of EMSRV, two versions of the EMSRV for NetWare NLM were supplied - one that used bindery authentication and one that used NDS authentication. Bindery authentication is no longer supported. This release includes one NLM that supports NetWare 4.2 and 5.1. EMSRV no longer supports versions 3.x of NetWare.

Account names authenticated by EMSRV for NetWare can come from two sources - the name of the EMSRV user and the network names for users managed in a repository. Account names can be simple or distinguished. Both forms can also be typeful or typeless. Some examples are provided below:

Simple typeless name 
  adrian 
Simple typeful name
  CN=adrian   
Distinguished typeless name 
  adrian.engineering.ral.IBM
Distinguished typeful name
  CN=adrian.OU=engineering.OU=ral.O=IBM

Names are always authenticated in the context of the NDS context that is specified when EMSRV is started (the context is appended to the account name). Absolute names (those preceded with a period) are authenticated in the [Root] context (any context specified when EMSRV was started, is ignored). For each trailing period in a name, one component of the context is removed before being appended to the name. This allows names to be resolved in containers that are higher in an NDS tree than the specified context. Some examples:

Context             engineering.ral.IBM
Name                adrian
Resulting name      adrian.engineering.ral.IBM
 
Context             engineering.ral.IBM  
Name                .admin.IBM
Resulting name      .admin.IBM
 
Context             engineering.ral.IBM
Name                kathy.support.phx..
Name                kathy.support.phx.IBM

By using a distinguished name, it is possible to authenticate users in different containers. The most common case for this may be if the account names for users are located in one container but the EMSRV user is located in another. For example, if Netware accounts corresponding to network names of users in a repository exist in the container 'engineering.ral.IBM' but the EMRSV user exists in the container 'IBM', the following command could be used to load EMSRV:

load emsrv -u .EMSRV.IBM -p test - W sys:emsrv -rn -SC engineering.ral.IBM

Alternatively, the following command would also accomplish the same result:

 load emsrv -u EMSRV.IBM.. -p test - W sys:emsrv -rn -SC engineering.ral.IBM


[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]