One of the features that really put NetWare on the networking map was Novell Directory Services (NDS). Like Microsoft's Active Directory, NDS (which has been around since 1994) is a directory services system that enables network objects to be stored in a database. This database can then be divided and distributed among different servers on the network. These processes are known as partitioning (the dividing) and replication (the distribution among servers on the network). Although the product was introduced as NDS with NetWare 4.x, Novell has now renamed it eDirectory and made it platform independent.
Like the other network operating systems, NetWare is a full-featured operating system that offers all the functions required by an organization, including file and print services, DNS and DHCP servers, and FTP and Web servers. NetWare also supports a wide range of third-party hardware and software.
NetWare Authentication
As with all the other network operating systems discussed in this chapter, by default NetWare authentication is performed by using a username and password combination. As well as supplying this information, users also need to tell client software which NDS tree to authenticate to and the location of the user object in the NDS tree. NetWare also supports numerous other authentication mechanisms such as smartcards and biometrics.
After a user has been validated to the eDirectory tree, an assortment of restrictions is evaluated, including allowed logon times and station restrictions. These prevent users from logging on during restricted times and from certain workstations.
Information about the user account and what the user can and can't access is stored in the NDS. For this reason, a copy of the NDS must be available in order for the user to be able to log on. Also, each time a user attempts to access a resource, their authentication status is checked in the NDS to make sure that they are who they say they are and that they are allowed to access the resource. One benefit of this system is that a user need only log on once in order to be permitted access to resources anywhere on the network.