Subject: [netatalk-admins] kerberos/authman & netatalk
From: Charles Allen (impala@CLEMSON.EDU)
Date: Fri Apr 30 1999 - 02:21:54 EDT
Please forgive this novice question. All the netatalk documentation seems
to
assume the admin is familiar with Kerberos. I am not. Please describe the
relationship between netatalk, kerberos, and authman. Does netatalk, or
specifically afpd, use a "Kerberos style" authentication where it makes
i'ts
own keys? OR does it require a "full blown" kerberos keyserver setup as
described in http://www.ornl.gov/~jar/HowToKerb.html ??
Is that setup as easy in Solaris 2.6 as in Linux?
Also, documentation is a little unclear if Kerberos also requires DES
librarys
separately included in the make options.
I added DES but not KERBEROS in an attempt to get encrypted passwords
a'la RAND2NUM.
BUT my mac logins still reported clear text passwords and even worse they
would hang for 2+ minutes before returning an "Server quit unexpectedly"
message. Incorrect passwords failed immediately as they should.
DES with no KERBEROS seemed to break things.
BTW: I'm also a bit confused as to the .passwd file. does it contain the
password as the only text or do I include a username?
Is the password different from the regular unix password?
I may be willing to live with RAND2NUM if I conceed the server isn't
99% secure.
Seems like an awful lot of trouble just to encrypt passwords.
I have latest netatalk+asun working on Solaris 2.6 using atalkd & tcp/ip
WITHOUT DES or KERBEROS. Only problem is the clear passwords.
If I can get this to work & share a dir with SAMBA it will be way cool!
Thanks,
- Charles
impala@clemson.edu
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:39 EST