As a network operating system providing basic file and print services, NetWare provides security comparable to NT's. Like Unix, NetWare 4.0 and Novell Directory Service (NDS) store user passwords hashed with a salt value, which is the user's 32-bit user ID. Unlike NT and Unix, NetWare employs public key cryptography to fully authenticate the user to servers under NDS control and to maintain data integrity during login sessions. The password serves as an encryption key to protect the user's private key. A user logs in to NDS by proving to NDS that he or she knows the password through encrypted challenge-response exchange, at which point NDS securely conveys the user's private key to the user's workstation. Instead of using this permanent private key for data signatures, the workstation uses it to compute a temporary Gillou-Quisquater (GQ) key, which has two advantages. First, it's faster to use for signatures and second it's valid for only a defined period of time, thus limiting the amount of damage that rogue workstation software could do if it got possession of the key. The workstation doesn't store either the user password or the private key. Once the user logs in and his or her workstation generates a session GQ key, the workstation and the servers under NDS can mutually authenticate themselves through their public keys. They also safeguard the integrity of much of the data exchanged between them by digitally signing the first 52 bytes of each packet. Like NT, NetWare maintains Access Control Lists for the network objects (files, directories, printers, servers, etc.) under its control. Each of these Access Control Lists can grant or deny a variety of access rights either to individual users or to various groups. However, NetWare's security differs from NT's in that NDS supports multiple hierarchical levels from the tree root down through organizational units (including subsidiary organizational units) and multiple servers, each containing directories, files, printers, and other network resources. NDS allows the administrator to define security privileges at any of the levels, while NT 4.0's directory structure supports only domains at the top level and servers within each domain. (We discussed NT 5.0's more advanced distributed security earlier in this report.)