[netatalk-admins] 2-way encrypted passwords


Subject: [netatalk-admins] 2-way encrypted passwords
From: Andrew Snell (snell@store.unc.edu)
Date: Wed Mar 10 1999 - 15:29:36 EST


Hey all, I have been having problems getting the 2-way password encryption
to work. Perhaps one of you can see something I've overlooked.

I'm running netatalk-1.4b2+asun2.1.3 on a SPARC Solaris 2.6 machine. I am
using libdes 4.01, tcpwrappers 7.6, building with GNU make and egcs 1.1.1.

        I was able to build everything just fine, added the required
entries in /etc/services, installed the driver in the kernel (actually it
was already there from the previous install, which I moved to atalk.old
directory...). Also edited inetd.conf so that tcpwrappers would work. I
placed 'le0' in the atalkd.conf file, as per the README.SOLARIS, and added
the required ddp line in /etc/netconfig.

        I used the following entry in my afpd.conf file:

"Staging Server" -noguest -tcp -savepassword -setpassword -rand2num

        Then, I tried to connect. Didn't work. OK, so I set up TCP wrappers
to let my IP address in. Still no go. So, I follow the directions of folks
on the list, and have a ~/.passwd file, mode 000, with the proper password
cleartext. The message in the logs about not being able to read that file
goes away, but I still can't connect.
        At this point, I decided to simplify a bit. I removed the
-setpassword directive, and sure enough, the 'Change Password...' button is
grayed out from the mac. So at least changes in the afpd.conf file were
taking effect.
        Then, I removed the -rand2num directive. Everything worked without
a hitch -- afpd picked up the vol list from ~/AppleVolumes.

        So, the functionality is beautiful -- this does everything I want.
BUT, cleartext passwords make me nervous, especially on a largely flat
campus network such as this. Does anyone see anything that is preventing me
from using the 2-way encryption feature? Any information that you all could
provide would be greatly appreciated. Thanks for your time,

- Andrew


