In the past, administrators have needed to manage multiple passwords (simple password, NDS password, enhanced password) because of password limitations. Administrators have also needed to deal with keeping the passwords synchronized.
NDS Password: The older NDS password is stored in a hash form that is nonreversible. Only the NDS system can make use of this password, and it cannot be converted into any other form for use by any other system.
Simple Password: The simple password was originally implemented to allow administrators to import users and passwords (clear text and hashed) from foreign nds-cluster-config directories such as Active Directory and iPlanet.
The limitations of the simple password are that no password policy (minimum length, expiration, etc.) is enforced.
Enhanced Password: The enhanced password is no longer supported by Novell. The enhanced password is the forerunner of Universal Password. It offers some password policy, but its design is not consistent with other passwords. It provides a one-way synchronization and it replaces the simple or NDS password.
Novell introduced Universal Password as a way to simplify the integration and management of different password and authentication systems into a coherent network.
Universal Password addresses these password problems by doing the following:
Providing one password for all access to eDirectory.
Enabling the use of extended characters in passwords.
Enabling advanced password policy enforcement.
Allowing synchronization of passwords from eDirectory to other systems.
Most features of password management require Universal Password to be enabled.
For detailed information, see Section 2.0, Deploying Universal Password.