Re: more netatalk pain; encrypted passwords


From: rgp systems (rgp@systame.com)
Date: Wed Oct 11 2000 - 18:08:48 MDT


> 
> From: Nathaniel Irons <beppo@bumppo.net>
> Reply-To: yellowdog-general@lists.yellowdoglinux.com
> Date: Tue, 10 Oct 2000 16:29:01 -0700
> To: YDL-general <yellowdog-general@lists.yellowdoglinux.com>
> Subject: more netatalk pain; encrypted passwords
>
> Thanks to an episode of patient off-list assistance, netatalk
> 1.4.99-asun eventually built. My first problem was in using the umich
> 1.4b2 sources, which I assumed were more recent than the
> asun/sourceforge version after I couldn't get the asun sources to
> compile. Turns out one has to run ./autogen to create usable makefiles,
> a step not mentioned by the various readmes or the HOWTO.
>
> With that out of the way, netatalk installed fine, but I could only log
> in as guest. The HOWTO suggests that out of the box, netatalk can't
> authenticate with shadow passwords, and recommends adding either
> -DSHADOWPW or -DUSE_PAM to CFLAGS in the afpd Makefile. Builds with
> those options (after rebooting, and checking the dates on the binaries
> to make sure the subsequent installations had taken) yielded no changes;
> I still couldn't log in with a username/password.
>
> So I finally broke down, scrapped the binaries, and installed the RPM
> from a YDL mirror (netatalk-1.4b2+asun2.1.3-8.ppc.rpm). Now I can log
> in as various users, which it apparently authenticates through PAM
> (judging by the new netatalk file in /etc/pam.d/).
>
> So everything works, except passwords are still being sent in cleartext.
>
> The HOWTO says explicitly that two-way encrypted passwords are used when
> netatalk is compiled with libdes, and when a file containing the
> password exists at ~/.passwd with 600 permissions. If this is true,
> then the netatalk RPM was not compiled with libdes -- I don't know if
> it's possible to verify this another way.
>
> Somewhere in my reading of the last two days, however, I came under the
> impression that encryption also has to be enabled within afpd.conf, or
> authentication defaults to cleartext. If this is true, I can't suss out
> the syntax -- there's an optional UAM field in the afpd.conf options,
> but I don't know which, if any, I want (between cleartxt, afskrb, krbiv,
> guest, randnum, and rand2num). I tried them all, of course.
>
> My afpd.conf entry looks like this:
>
> Name_in_chooser -transall -noguest -loginmesg "sample" -randnum
>
> Any help appreciated.
>
> -nat

There is a 1.4.99 src rpm at sourceforge. I installed this successfully but
still haven't figured out encryption. The best encryption method to use is
DHX (which requires openssl to be installed). OS 8.5 and above are
_supposed_ to be able to use DHX, but I haven't got it working yet.

I'll let you know when I do.

-- 
Randy Perry
rgp systems

Mac Consulting/Sales


