Netatalk

Authentication

My notes here are gleaned from the emails of others, and credited where appropriate.

Courtesy Thomas Kaiser (edited)...

With cleartext and 2-way randnum authentication there was a limitation in
the password length. This limitation no longer exists when using DHX
authentication, which is built into recent AppleShare clients (so you can
use passwords with more than 8 chars without modifying anything on your
Mac).

If a Mac contacts an AFP server then the server will answer the Mac's
FPGetSrvrInfo request with a list of UAMs it can handle. Some of them are
built-in, some of them may not be. So the AppleShare client looks into the
system folder for UAMs. If there is a UAM that matches the server's then it
will be used.

If you want to connect to NT's Services for Macintosh for example, you have
the ability to use cleartext and 2way-randnum (without dropping UAM files
into the Mac's system folder) or you copy the MS-UAM to your Mac and can use
an authentication method that allows passwords with 14 chars in length and
stronger encryption.

There are also patches available that can be used with AppleShare IP.
Afterwards you can authenticate via PGP with your server. :-)

To work, you'll need the uam working on both the server and the client.

With AppleShare Client 3.6 (or 3.7? -- can't remember) Apple supported
third-party UAMs. When using the dhx uam with netatalk and recent AppleShare
Clients on your Macs (3.8.6 or 3.8.8) then you will automatically use DHX
authentication between client and server. So you will be able to use longer
passwords.

Quick tip:
- To enable dhx authentication in the server... add the following to your afpd.conf file:
"my place" -uamlist uams_dhx.so
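
To check which servers in an afpd.conf still offer the UAMs with the password length limit, something like the following can be run over the file. This is an added example, not part of the original notes or of netatalk itself; the sample config is constructed, and the module file names other than uams_dhx.so are assumptions.

```python
import shlex

# Findings per UAM module. uams_dhx.so is the name given on this page; the
# other module file names are assumptions based on netatalk's usual naming.
WEAK_UAMS = {
    "uams_clrtxt.so": "cleartext UAM, limited password length",
    "uams_randnum.so": "randnum UAM, limited password length",
    "uams_guest.so": "guest access, no password at all",
}
DHX = "uams_dhx.so"

SAMPLE = '''\
# constructed sample afpd.conf (not from a real server), one server per line
"my place" -uamlist uams_dhx.so
"old lab" -uamlist uams_clrtxt.so,uams_randnum.so
"mixed" \\
    -uamlist uams_guest.so,uams_dhx.so
"scratch"
'''

def logical_lines(text):
    """Merge lines ending in a backslash into one logical line."""
    pending = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
        else:
            yield pending + line
            pending = ""

def audit_afpd_conf(text):
    """Return {server name: [findings]}; an empty list means nothing flagged."""
    report = {}
    for line in logical_lines(text):
        tokens = shlex.split(line, comments=True)  # handles quoted names
        if not tokens:
            continue
        name, opts = tokens[0], tokens[1:]
        if "-uamlist" not in opts:
            report[name] = ["no -uamlist given: built-in default applies"]
            continue
        pos = opts.index("-uamlist") + 1
        uams = opts[pos].split(",") if pos < len(opts) else []
        found = [f"{u}: {WEAK_UAMS[u]}" for u in uams if u in WEAK_UAMS]
        if DHX not in uams:
            found.append(f"{DHX} not offered")
        report[name] = found
    return report
```

Call audit_afpd_conf() with the text of your own afpd.conf; any server with a non-empty findings list is worth a second look.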

Other notes from David Haas, on getting shadow pass to work:

The problem: Whenever I try to log on from a Mac OS 8.1 box
to my netatalk server, I get a "Sorry, your password is incorrect" when it
definitely is not. I'm 99.9% convinced the problem is that netatalk isn't
reading the shadow passwords - but my pam & dhx modules always fail to load
with mod_symbol errors.

Solution:
(Chris): Not really sure any more! But some things to consider... If you have more concrete info, let me know and I'll put it in.

  • Install openssl
  • Install libdes (as per http://www.anders.com/projects/netatalk/ )
  • Third: the -lwrap/TCPWRAP thing has got to be a bug. It's definitely not compiling (for me at least) with tcp wrapper support unless I manually add those lines in, even if I specify --with-tcp-wrapper in the configure step
