Re: Novell 32bit Client , Passwords

[reddog_33 () HOTMAIL COM (Reddog Hummer)]

the novell pasword isn't saved in *.PWL

but some stupid users log on to an offline system
and that pasword will save in a *.pwl

red

> From: Seth R Arnold <sarnold () WILLAMETTE EDU>
> Reply-To: Seth R Arnold <sarnold () WILLAMETTE EDU>
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: Re: Novell 32bit Client , Passwords
> Date: Thu, 6 Apr 2000 10:18:32 -0700
>
> * Michael Sanders <michaels () ebusolutions co za> [000406 08:42]:
> > Sorry if this has been covered already, does anyone know were the
> passwords
> > are cached in the novell client? Ive noticed that when a Novell 4.11
> server
> > goes down and brought back up again the client authenticates with the
> > correct logon details to the NDS. Is they cached , are the encrypted adn
> do
> > they get cleared ?
>
> Michael, it might vary between the microsoft novell client and the
> novell novell client (aka intranetware, aka client32) -- but I believe
> both of them store the passwords in windows' .pwd files (under 9x) and
> in user.dat in the user's profile directory under NT.
>
> As for being encrypted, they are at least obfuscated. They might be
> stored encrypted with the user's single-signon password, or they might
> be stored in a plain-text equivalence. I honestly don't know, but a
> search at MS's KB for "password cache" or "password caching" might turn
> up exactly what you want to know.
>
> HTH
>
> --
> Seth Arnold | http://www.willamette.edu/~sarnold/
> Hate spam? See http://maps.vix.com/rbl/ for help

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com