Re: [netatalk-admins] Can't log on with RedHat 6.0...found a solution!!!!


From: Ryan Cleary (tryanc@interdim.com)
Date: Thu Dec 02 1999 - 21:10:53 EST


Thierry Michalowski wrote:
> So, some thoughts:
> a Mac (through MacOS8.6 at least) doesn't allow to type in a password that is
> more than 8 characters long in a login box from the Chooser.
> I assumed that netatalk counted only on the 8 first characters of the typed
> password to authenticate a user: this must be false...and I suppose this should
> be the case until the Mac chooser supports more than 8-characters passwords!
> If this _is_ the case, then I'd like to know how it could be - still - a
> configuration problem...

(sorry for replying to this so late, but I'm behind in the mailing list)

You've almost got it right. Before md5 passwords, using the standard
crypt passwords, Linux only cared what the first 8 characters were in
creating the /etc/passwd hash. So the fact that MacOS only uses 8
characters didn't matter. Now, with md5, your whole password (IIRC) is
used to create the hash in /etc/passwd, and if your password is more
than 8 chars, it'll never match from netatalk.

What you mistook as netatalk only comparing the first 8 characters was
actually Linux only caring about the first 8 characters.

A solution is to use the DHX UAM (with pam), which encrypts the full
password, bypassing the 8 character limitation of Apple cleartext and
randnum/rand2num passwords.

That's what I use at my site, where I have a PAM module which
authenticates against a Kerberos database.

--Ryan Cleary
sysadmin, interdimensions
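
The mismatch described in this message, as an added example that is not part of the original post or of netatalk: a plain-Python rendering of the md5-crypt (`$1$`) scheme, checked against a password cut to 8 characters. The helper names (`md5_crypt`, `verify`, `chooser_login`), the salt and the passwords are constructed for illustration, and `chooser_login` only models the 8-character client limit, not the AFP wire protocol.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, length):
    """crypt(3)-style base64, least significant 6 bits first."""
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(length))

def md5_crypt(password, salt):
    """md5-crypt hash string; every byte of the password reaches the digest."""
    pw, s = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = pw + b"$1$" + s
    ctx += b"".join(alt[:min(16, n)] for n in range(len(pw), 0, -16))
    n = len(pw)
    while n:
        ctx += b"\0" if n & 1 else pw[:1]
        n >>= 1
    final = hashlib.md5(ctx).digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        block = pw if i & 1 else final
        if i % 3:
            block += s
        if i % 7:
            block += pw
        block += final if i & 1 else pw
        final = hashlib.md5(block).digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    tail = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in order)
    return "$1$%s$%s" % (s.decode(), tail + _to64(final[11], 2))

def verify(stored, candidate):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt = stored.split("$")[2]
    return hmac.compare_digest(md5_crypt(candidate, salt), stored)

def chooser_login(stored, typed):
    """Hypothetical model of the client limit: only 8 characters are submitted."""
    return verify(stored, typed[:8])

if __name__ == "__main__":
    # Constructed sample accounts: one 8-character password, one longer one.
    for pw in ("password", "longerpassphrase"):
        stored = md5_crypt(pw, "xxxxxxxx")
        print(pw, "full:", verify(stored, pw), "8-char client:", chooser_login(stored, pw))
```
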


