Re: [netatalk-admins] Error Compiling

Subject: Re: [netatalk-admins] Error Compiling
From: Sascha Knific (knific@ibm.net)
Date: Thu Feb 25 1999 - 18:32:37 EST

Hi Kimon,

At 20:58 24.02.99 -0500, you wrote:
>Thanks for responding to my plea for help Sascha. It turn out that is
>exactly what it was. I completely ignored the fact that a linux specific
>Makefile existed. I was only editing the global one.

The original netatalk from umich wasnīt good documentated at all (the program
AND the source). That changed with the asun-package. You always have
to read the changelog.
People are asking for rpm-packages of netatalk+asun but itīs time for
a move to autoconf (and there would be much less problems and questions
like this).
I donīt have an idea of autoconf - so donīt ask me at the moment.

>Just out of curiosity, since you seem to know be familiar with SuSE 6.0,
>does it use shadow passwords? I am logging in which is great! But I think
>because the Mac uses cleartext and SuSE uses shadow passwords, I can only
>log in as guest. Do not worry if a) you do not know or b) this is a very
>simple question answered somewhere in the FAQs. I plan on investigating it
>when I have fewer exams and more free time, but I was just curious if there
>was a quick solution or adjustment to netatalk.

SuSE like most (or all?) linux distributions are using shadow passwords. RedHat
has additionally PAM.
The problem with authentification (especially when linux is serving other
platforms) is:
- Linux stores a hash of the password (oneway(!!!) encryption)
If both are doing encrypted authentification it goes on like this
(otherwise the cleartext
password gots checked again the hashed version - like the way are you
preforming a login
ao the Linux system):
- When a Mac connects to a Server, the Server sends a random number. The
Clients
  encrypts the password and sends it. The server compares the password for
the client
  with the stored password (randnum - till here).
  The server gets a random number from the client and encrypts the password
which he thinks
  of to be the right one. This one gets compare by the client (2-way-randnum).
- So the server and the client need the original password (not a oneway
encrypted one!) to
  do this kind of authetification.

This was the problem (itīs simmilar with samba. Sambaīs solution is to keep
an own
password file - additionally the one keeped by the system).

Encrypted authentification is implemented in netatalk+asun but you have to
put a file called
".passwd" in the home directory of the user. You have to put in the
cleartext password and
set the permissions r+w only by the user.

Itīs never a good idea to store a password in cleartext. For the moment
itīs the only to use
the encrypted paswords with netatalk (ok, itīs not - but i wonīt set up a
kerberos server for it:-).

The best solution would be to have an own UAM (User Authentification
Module) an the Mac
side (the way WinNT - Services for Mac is doing it). Iīm not a Mac
programmer (nor any kind
of programmer). So if there is one outside the on the net PLEEEEEEESE do it...
Especially if you are located in Australia (so the people outside the USA
donīt have problems
with US export regulations ;-)))))).

So it wasnīt a simple question and not a simple answer.

Letīs get to SuSE... ;-))))
SuSE was the first distribution I was using (and my first contact to
linux). My opinion about it is:
- Itīs a teriffic distribution for beginners
- At the point you get a clue about linux, the whole system and the
programs you are dealing with
  SuSE become a horror.
- Ok, SuSE is not the problem - the problem is YaST. YaST starts to mess up
your hardly set up
  configfiles (especially the routing table - but also other stuff) and you
have to work around it
- The big advantages of SuSE are the good manual, the ISDN configuration,
better support of
  german (maybe also other languages) keyboard in the system and there own
XFree-Servers.
- For me a good basic system to build upon is RedHat (but that are the only
systems I know.(8--))))

>Thanks again,
>Kimon T.
>

Good luck...
Sascha Knific

>----------
>>From: Sascha Knific <knific@ibm.net>
>>To: Chip <cse@bruce.engr.ucf.edu>
>>Subject: Re: [netatalk-admins] Error Compiling
>>Date: Wed, Feb 24, 1999, 18:37
>>
>
>> Hi, hi,
>>
>> I think you should try to take a look at "sys/linux/Makefile" and add
>"-lcrypt"
>> to "AFPLIBS=...". So you should have a line like this:
>>
>> "AFPLIBS= -lrpcsvc -lcrypt"
>>
>> Now everything should compile fine.
>>
>> SuSE 6.0 is build on glibc6 and has no PAM.
>>
>>
>> Sascha Knific
>>
>>
>>
>>
>> At 15:05 23.02.99 -0500, you wrote:
>>>At 11:33 PM -0500 2/20/99, Kimon Tsinteris said:
>>>
>>>> Hi,
>>>>
>>>> I was wondering if somebody could help me figure out why
>>>>netatalk-1.4b2+asun2.1.2 is not compiling on my system. I am running
>>>>SuSE 6.0 and unfortunately the rpm that came with the distribution has
>>>>given me a rather misbehaved netatalk server.
>>>>
>>>> I have commented out Kerberos, afs, des, and PAM so all that remains I
>>>>think in my Makefile is tcp wrapper. This is the error I get:
>>>>
>>>> auth.o: In function `clrtxt_login':
>>>> auth.o(.text+0x74a): undefined reference to `crypt'
>>>> collect2: ld returned 1 exit status
>>>> make[4]: *** [afpd] Error 1
>>>> make[4]: Leaving directory
>>>>`/usr/downloads/netatak-1.4b2+asun2.1.2/etc/afpd'
>>>> make[3]: *** [all] Error 2
>>>> make[3]: Leaving directory
>>>>`/usr/downloads/netatalk-1.4b2+asun2.1.2/etc/afpd'
>>>> make[2]: *** [afpd] Error 2
>>>> make[2]: Leaving directory `/usr/downloads/netatak-1.4b2+asun2.1.2/etc'
>>>> make[1]: *** [../../etc] Error 2
>>>> make[1]: Leaving directory
>>>>`/usr/downloads/netatak-1.4b2+asun2.1.2/sys/linux'
>>>> make: ** [all] Error 2
>>>>
>>>> Any ideas? Thanks in advance!
>>>>
>>>> Kimon T.
>>>
>>>
>>>
>>>I am having the *exact* same problem with 2.1.2 on an RH5.2-intel
>>>system. (The only difference is the path to the netatak-1.4b2+asun2.1.2
>>>directory :-) Asun pre-asun2.1.2-5, right? I am also turning everything
>>>off except TCP wrapper.
>>>
>>>
>>>Turning of TCP wrapper (even though I use them) enlarges the error
>>>message somewhat:
>>>
>>>gcc -DNEED_QUOTACTL_WRAPPER -O1 -fomit-frame-pointer -fsigned-char
>>>-Wunused -Wuninitialized -I.
>>>./../include -DAPPLCNAME -o afpd unix.o afs.o kuam.o send_to_kdc.o
>>>lifetime.o ofork.o main.o
>>>switch.o auth.o volume.o directory.o file.o enumerate.o desktop.o
>>>filedir.o fork.o appl.o gettok.o
>>>bprint.o status.o afp_options.o afp_asp.o afp_dsi.o messages.o config.o
>>>nfsquota.o codepage.o -L..
>>>/../libatalk -latalk -lrpcsvc
>>>auth.o: In function `clrtxt_login':
>>>auth.o(.text+0x651): undefined reference to `crypt'
>>>../../libatalk/libatalk.a(dsi_tcp.o): In function `dsi_tcp_open':
>>>dsi_tcp.o(.text+0x8a): undefined reference to `request_init'
>>>dsi_tcp.o(.text+0x93): undefined reference to `sock_host'
>>>dsi_tcp.o(.text+0x99): undefined reference to `hosts_access'
>>>dsi_tcp.o(.text+0xa6): undefined reference to `eval_client'
>>>make[4]: *** [afpd] Error 1
>>>make[4]: Leaving directory `/root/netatalk-1.4b2+asun2.1.2/etc/afpd'
>>>make[3]: *** [all] Error 2
>>>make[3]: Leaving directory `/root/netatalk-1.4b2+asun2.1.2/etc/afpd'
>>>make[2]: *** [afpd] Error 2
>>>make[2]: Leaving directory `/root/netatalk-1.4b2+asun2.1.2/etc'
>>>make[1]: *** [../../etc] Error 2
>>>make[1]: Leaving directory `/root/netatalk-1.4b2+asun2.1.2/sys/linux'
>>>make: *** [all] Error 2
>>>
>>>
>>>Anybody have any ideas? Is this problem widespread, or are Kimon and
>>>myself just lucky?
>>>
>>>
>>>
>>>
>>> -Chip
>>>
>>>*~-~-~-~-~-~-~-~-~-~-~Cogito, Ergo Utor Macintosh~-~-~-~-~-~-~-~-~-~*
>>>| UCF, The University of | "'Individual rights' is a redundancy; |
>>>| Central Florida: The | there is no other kind of rights, and |
>>>| Zima of Higher Education | no one else to posess them." -Ayn Rand |
>>>*-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-*
>>
>>

This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:21 EST