I guess that most of you should know a tool named "Password remidender" (findpass) from http://www.smidgeonsoft.com/ that allows administrator users to dump, from the winlogon memory, clear text passwords that belongs to logged users.
To achieve that task, its necesary to specify the winlogon pid, username and domainname as a runtime parameter.
There is also a known limitation for that great tool. Password reminder should work only with MSGINA.dll so, if the Novell client is installed ( NWGINA.DLL) the application doesnt work.
A few months ago, on a penetration test under a Novell enviroment i have added support for Novell passwords, that are stored in cleartext under winlogon.exe memory. The code isnt 100% accurate but it works most times.
Some more features, like UserID and winlogon PId bruteforce have been added.
Tested under Novell Client 4.91 SP5.
Winlogon password dumper