[netatalk-admins] Mac OS 9 and secure passwords


Subject: [netatalk-admins] Mac OS 9 and secure passwords
From: Andy Lyttle (phroggy@webwizardry.net)
Date: Mon Oct 18 1999 - 15:20:55 EDT


I haven't had a chance to play with Mac OS 9 yet, and I was wondering if
anyone else out there can answer this question.

http://developer.apple.com/technotes/tn/tn1176.html#appleshare

"The PBVolumeMount call (for AppleShare Servers only) no longer negotiates
a less secure connection than was requested in the UAMType field. This
means that a PBVolumeMount call that requests 2-Way Randnum Exchange
(UAMType = 6) will not fall back to using ClearText (UAMType = 2). This
can be a problem when accessing servers that typically support ClearText
only, such as servers running on UNIX, NT or NetWare. The client will
negotiate to more secure authentication methods if they are available."

Does this mean that afpd will break, because cleartext passwords are no
longer supported at all? Or does it simply mean that if the server says
it can handle encryption and then will only accept cleartext, it won't
fall back on cleartext? The latter case would be a bug fix; afpd
obviously doesn't claim to support encrypted passwords, since the
AppleShare login dialog says it will use cleartext passwords.

When Windows 95 connects to an SMB server, it tries to use an encrypted
password, and falls back to a cleartext password if the server doesn't
support encrypted passwords. In Windows 98, it doesn't fall back to
cleartext passwords unless you hack the registry. Setting up encrypted
passwords in Samba is an annoyance I haven't had to deal with yet; I just
apply the registry patch to make Win98 work with cleartext passwords. I
assumed that Microsoft's motivation was to break anything that wasn't
Windows, but Apple shouldn't have a similar motivation, so I'm a bit
confused.

I haven't really seen much information on getting afpd to handle encrypted
passwords. I just have it set to do cleartext passwords, which is fine
(I'm not that concerned about security, since I also use POP3, FTP and
other insecure protocols; plus, I'm just running a LAN in my apartment).
Can afpd be set to use encrypted passwords? I'm assuming it's just as
annoying as getting Samba to do it, but I was thinking of doing that
anyway, so I might as well do both at once, if I can.

                    -=[ Andy Lyttle, phroggy@webwizardry.net ]=-
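
The fallback rule in the quoted technote passage, as an added example that is not part of the original post and is not Apple's or netatalk's code. Only the UAMType values 2 and 6 come from the quote; the strength ranking, the function names, and the assumption that the older client also upgraded when it could are made up for this model.

```python
from enum import IntEnum


class UAM(IntEnum):
    CLEARTEXT = 2          # "ClearText (UAMType = 2)" in the quote
    TWO_WAY_RANDNUM = 6    # "2-Way Randnum Exchange (UAMType = 6)" in the quote


# Assumed ranking for this model: a larger value is a stronger method.
STRENGTH = {UAM.CLEARTEXT: 0, UAM.TWO_WAY_RANDNUM: 1}


def negotiate(requested, server_offers, allow_downgrade):
    """Return the UAM the client ends up using, or None if it refuses.

    allow_downgrade=True models the older fallback behaviour,
    allow_downgrade=False models the rule described in the quote.
    """
    offers = set(server_offers)
    # "The client will negotiate to more secure authentication methods if
    # they are available": take the strongest offer at or above the request.
    at_or_above = [u for u in offers if STRENGTH[u] >= STRENGTH[requested]]
    if at_or_above:
        return max(at_or_above, key=STRENGTH.get)
    if allow_downgrade and offers:
        return max(offers, key=STRENGTH.get)   # weaker than what was asked for
    return None   # refuse rather than authenticate with a weaker method


def downgrade_report(requested, server_offers):
    """Run both policies and flag where the old one silently weakened auth."""
    old = negotiate(requested, server_offers, allow_downgrade=True)
    new = negotiate(requested, server_offers, allow_downgrade=False)
    weakened = old is not None and STRENGTH[old] < STRENGTH[requested]
    return {"old": old, "new": new, "old_policy_downgraded": weakened}


if __name__ == "__main__":
    cleartext_only = [UAM.CLEARTEXT]            # constructed: a cleartext-only server
    both = [UAM.CLEARTEXT, UAM.TWO_WAY_RANDNUM]  # constructed: a server offering both
    for req in UAM:
        for offers in (cleartext_only, both):
            print(req.name, [o.name for o in offers], downgrade_report(req, offers))
```

In this model a request for ClearText against a cleartext-only server still succeeds under both policies; only a request for 2-Way Randnum Exchange against that server changes from a silent downgrade to a refusal.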


