Re: [netatalk-admins] Netatalk Security


Subject: Re: [netatalk-admins] Netatalk Security
From: a sun (asun@saul5.u.washington.edu)
Date: Thu Aug 12 1999 - 01:48:07 EDT


   OK. Logical. I can live with "cleartext" passwords. We're inside the
   firewall. Can this vary by user? If the user has a ~/.passwd file it's not
   clear going over the wire? Or will I have to switch everyone to the
   ~/.passwd regime if any one (highly placed and VIP) person complains?

it has to be set on a per-server basis. as noted in the readme, the
appleshare client will refuse to use anything but the encrypted random
number uams if they're offered. as the name implies, sending over an
encrypted random number is a pretty good way of authentication. it
only suffers from the fact that you need to know the password on both
sides for things to work.

   Is the ability to set a new password related to this?

passwords can be set in one of two cases:
          1) random number encryption. it modifies the ~/.passwd
             file.
          2) if you're using pam, it will work for cleartext passwords
             as well.

   netatalk-1.4b2+asun2.0a18.2-oa1a.ppc in order to allow setting passwords? I
   have source for netatalk-1.4b2+asun2.1.1. It claims to be building. Will
   this give me what I want? Is there an easier way? (I really am loath to
   change out what's "working" now).

you probably should at least install asun2.1.3. it has fixes over
asun2.1.1.

   What the heck _is_ this "User Authentication Module" I keep getting yelled
   at about, anyway?

as you might guess from the name, user authentication modules are the
bits that grant or deny access to an appleshare volume. currently,
apple specifies guest, cleartext, 1-way random number, 2-way random
number, and diffie-hellman uams. other authentication methods also
exist. in my latest development snapshot, they're actually implemented
as modules.

> current development patchset also has support for it if you have
> access to the openssl libraries.

   doubtful. That hard, I don't want to work. This is my _part-time_ job.

it's really not that much work. you just download and install the
openssl libraries and change a single line in the main netatalk
Makefile.

-a
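
Added example, not part of the original message and not netatalk code: a minimal challenge-response sketch of why a random number UAM needs the password on both sides, next to a hash-only store that can check a cleartext login but nothing else. The HMAC-SHA256 transform, the class and function names, the user name and the password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def respond(password: bytes, challenge: bytes) -> bytes:
    # Stand-in keyed transform (HMAC-SHA256); an assumption for this sketch,
    # not the cipher the random number UAMs actually use.
    return hmac.new(password, challenge, hashlib.sha256).digest()

class RandnumServer:
    """Keeps each password in recoverable form, the role ~/.passwd plays."""
    def __init__(self, passwords):
        self.passwords = dict(passwords)
        self.pending = {}

    def challenge(self, user: str) -> bytes:
        self.pending[user] = os.urandom(8)  # fresh random number per login
        return self.pending[user]

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # single use, so a replay fails
        secret = self.passwords.get(user)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(respond(secret, nonce), response)

class HashOnlyStore:
    """Keeps only a salted hash: enough to check a cleartext login, but it
    holds no key from which a challenge response could be recomputed."""
    def __init__(self, password: bytes):
        self.salt = os.urandom(16)
        self.digest = self._kdf(password)

    def _kdf(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self.salt, 10_000)

    def verify_cleartext(self, password: bytes) -> bool:
        return hmac.compare_digest(self._kdf(password), self.digest)

def demo():
    pw = b"constructed-pw"  # constructed sample value
    srv = RandnumServer({"alice": pw})
    resp = respond(pw, srv.challenge("alice"))
    accepted = srv.verify("alice", resp)
    replayed = srv.verify("alice", resp)  # same bytes, challenge already used
    wrong = srv.verify("alice", respond(b"guess", srv.challenge("alice")))
    return accepted, replayed, wrong, HashOnlyStore(pw).verify_cleartext(pw)
```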


