Authentication
Authentication is the process by which a user proves they are who they say they are to the network operating system. All NetWare versions since version 4.0 use Novell Directory Services (NDS) for resource access and authentication. A directory service is a feature of a network operating system that enables users to find network resources. There are three main types of directory services for NetWare:
Bindery
The bindery (pronounced with a long i) is a simple, flat database of users, groups, and security information that resides on a server. It is available in versions of NetWare prior to version 4.
Novell Directory Services (NDS)
This provides access to a global, hierarchical database of network entities (called objects). It is available in version 4 and later. Based on the X.500 Internet directory standard (a standard way of naming network entities), this database (called the Directory with a capital D, not to be confused with a DOS directory) is distributed and replicated to all NetWare servers on the network. Each server contains a part of the directory database. Additionally, all servers know about one another and the directory information that each contains.
eDirectory
This is just an extension of NDS. It allows NDS trees to be connected over the Internet, essentially creating a meta directory. The current version of NDS is known as eDirectory.
A major advantage of NDS over the bindery is that with NDS, the entire network is organized into a hierarchical structure, called an NDS tree. This tree is a logical representation of a network. It includes objects that represent the network’s users, servers, printers, and other resources (see Figure 5.2). On the other hand, the bindery contains user information for only the server on which it resides. NDS is described as a network-centric directory service, whereas the bindery is server-centric.
FIGURE 5.2 A sample NDS tree
To contrast these two directory services, let’s look at an example. If a user on a NetWare 3.x network wants to log in to multiple servers, the administrator must create users on every server. If there are 20 servers on the network, the administrator must create that user 20 times, once on each server. With NDS, however, the administrator simply creates a single user object in the Directory. The user can then log in to the network on any server. The administrator simply assigns rights to the resources that the user needs to access.
To change the Directory database, a NetWare network administrator uses a program called NetWare Administrator. Although this graphical Windows utility has gone through several iterations in the six years since its introduction, it is the only administrative utility you need to modify NDS objects and their properties. Many utilities are available for specific functions, but NetWare Administrator is the one utility that can do it all. Figure 5.3 shows a sample NetWare Administrator screen. From this one screen, an administrator can modify any object’s properties, including security settings, object names, and network parameters. You can manage your entire network from this one program.
Each iteration of NetWare Administrator included new features and a new filename. Table 5.2 lists the myriad versions and their associated filenames.
FIGURE 5.3 A NetWare Administrator screen
TABLE 5.2 NetWare Administrator Filenames