DSPass

Version PK-4.60
(Nov 22, 1998)

 DISCLAIMER:
     THIS  PRODUCT  IS  SUPPLIED  "AS  IS".  DREAMLAN 
     DISCLAIMS ALL WARRANTIES,  EXPRESSED OR IMPLIED,
     INCLUDING, WITHOUT  LIMITATION,  THE  WARRANTIES
     OF  MERCHANTABILITY   AND  OF  FITNESS  FOR  ANY
     PURPOSE.  DREAMLAN   ASSUMES  NO  LIABILITY  FOR
     DAMAGES,  DIRECT  OR  CONSEQUENTIAL,  WHICH  MAY
     RESULT FROM THE USE OF THIS PRODUCT.

Introduction
What's New
Notes
Installation
Usage
Configuration
Registation
Other Information
Revision History

Introduction

DSPass [DS-Pass] is a NetWare NLM utility that allows you to change the DS password for any NDS user without having to first authenicate into the NDS tree as Admin -- this is useful if the Admin password is lost.

The latest version (v2.0+) can also be used to change the bindery password of any DS object and (the bindery) Supervisor on a given server, if Bindery Service is enabled on that server.

What's New

Starting with v4.50, an interactive mode has been added. This is now the default.

Novell Certified for NetWare 5. (YES Bulletin #44431)

Notes

The target container name can be given in fully distinguished name or typeless name. You don't need to specify the leading period to indicate absolute path. For example,

OU=org_unit_name.O=org_name
org_unit_name.org_name
.org_unit_name.org_name
are considered to be the same.
Because this utility can change the password of a user that has S rights to the [Root], so as a security precaution DSPass can only be loaded and executed from a diskette (drive A: or B:). It cann't be loaded from C: or a NetWare volume.
This provides a small security measure against someone from changing the passwords who has no physical access to the server. You can also minimize the risk by doing a REMOVE DOS on the server console so that DOS devices can not be accessed unless the server is restarted. The use of SECURE CONSOLE will restrict the loading of NLMs to SYS:SYSTEM (or search paths established prior to SECURE CONSOLE).
This utility has not been fully tested with SFT III servers. If you need to use it on a SFT III system, try it on the MSEngine.
The utility is keyed to the name of your NDS tree. Therefore, it will not work on a different tree. This is another small security measure we took to prevent someone from coming into your site with a copy of this utility obtained eleswhere.
A free connection slot is needed on the server for the utility to load.
DSPass has been tested with the latest DS.NLM on NetWare 4.10, NetWare 4.11, and on NetWare 5.
You need to load the NLM on the server which contains a replica of the container in which the user object resides.
If the NDS object name you wish to change the password has embedded blanks, you need to surround the object name with double quotes (") or substitute the blanks with underscores. For example, to change the password for an NDS object CN=Test User in container O=Demo, the syntax is:

LOAD A:\DSPASS "Test User.Demo" newpass
LOAD A:\DSPASS Test_User.Demo newpass
There must be a valid license (even if a 2-user) installed on the server for the NLM to load correctly.

Installation

No special installation steps or program need to be used. Simply copy DSPASS.NLM to a diskette. Make sure the DSPASS.LIC (license file) is located on the root directory of the diskette.

Without a valid license, this copy of DSPASS.NLM runs in the demo mode. It will only change the password for the NDS object

.CN=DSPass-Demo.O=DreamLAN-DSPass

in your NDS tree. In order to try out this NLM, you will need to create the O= container and the CN= user objects in your tree.

In the demo mode, you will not able to specify a new password (a random one is assigned). Therefore, to test the NLM, create the user object, assign a password. Login with it first to ensure the password is correct. Run the NLM and try to login again. You will find that the password has changed.

Usage

The latest version provides a menu interface if no parameter is specified during the loading of the NLM. This is the preferred option.

You can load DSPASS.NLM with command-line parameters to bypass the menu prompting. The syntax for loading DSPASS is:

LOAD DSPASS CN=userobjectname.OU=orgunit.O=org newpassword

You will be prompted to enter an authenication password. This provides a simple protection should someone at your site somehow got a hold of this utility and also have physical access to a server. The password is ----- (not shown here). Note the case.

If you need to change the bindery password of an object, load DSPASS with the -A (Advanced) option. Or on the command-line, make sure the object name you specified is just the common name portion.i.e. "userobjectname" and no context information. Also, after the password field, specify a "-B" option. Example,

LOAD DSPASS userobjectname newpassword -B

Make sure you have either a Master or Read/Write replica on this server, and the bindery context is set correctly. The userobjectname does not need to be in the first bindery context. (To change the bindery Supervisor password, use Supervisor as the username.)

You should keep this file in a safe place, and separate from the software.

If you encounter an error message similar to the following about fmod, ensure MATHLIB.NLM is loaded (it is not auto-loaded by the NLM):

Server-4.10-1586: Loader cannot find public symbol: fmod

Configuration

n/a

Registration

The full version of DSPASS.NLM is available by registering on-line through the following Web sites:

http://www.dreamlan.com

http://www.jpence.com

http://www.shareit.com

http://www.reg.net

The NDS tree name is required as it is used to generate a key. The registration cost is $99 US. Canadian registration is $135 CDN plus GST. All other countries, please remit in US funds.

You can also FAX a company Purchase Order to +1 (905) 887-3836. Please make sure you either include your tree name information on the FAX or send a follow up email.

Special site agreements for multiple trees and service providers are available. Although the license does not grant you the right to resell the program (for a profit; but you can charge the customer a service charge for your time). If you are a service provider, you can register copies on behave of your customers (by providing your customer's mailing information -- this is used only for tracking purposes). At the same time, we ask you to send us a separate email indicating that you are registering on behave of your customer and inciate in this email if further software upgrade (free or for a charge) be send to you or the customer directly, and an email address for that purpose.

Because of the security implication, we may request you to FAX us a cover letter using your company's letterhead for verification or request other means of verification that your need is authentic.

Other Information

DSPass is written in C using WatCOM C v10.0a optimizing compiler and Novell Developer Kit. No undocumented APIs are used.

Inclusion of this utility on CD-ROMs (except for backup purposes) without permission from DreamLAN Network Consulting Ltd. is expressly prohibited.

Revision History

May 13, 1995. Version PK-1.00, first released code.
Oct 07, 1995. Version PK-1.01, released code. Added load-source security check.
Nov 01, 1995. Version PK-1.02, released code. Added min. NetWare version check.
Nov 04, 1995. Version PK-1.03, released code. Added authorization key check. The utility is now "keyed" to the DS tree name.
Nov 23, 1995. Version PK-1.04, released code. Added typeless naming support.
Feb 23, 1996. Version PK-2.10, released code. Added bindery support.
May 06, 1996. Version PK-2.15, released code. Changed the way licensing information is handled.
May 09, 1996. Version PK-2.20, released code. Enhanced the way authenication password is keyed to the NLM name.
Aug 09, 1996. Compat. testing with latest DS.NLM from NetWare 4.10 and 4.11.
Jul 15, 1998. Version PK-4.50, released code. Added interactive mode and tested with Moab Beta 3. Y2K.
Nov 22, 1998. Version PK-4.60, released code. Cosmetic changes. Tested with Gold code of NetWare 5.