So what do the various configure options mean? I've started
the list with the ones that I know, and will leave others to fill in...
Note that I haven't included all options here, just the ones that seem
to get people into/out of trouble most often. If you want another option
here, then write and tell me
what it does!
Currently we're running 1.5.3.1.
The notes below have been updated courtesy of comments
from Jonas Smedegaard - most of the comments that actually offer explanations
are his :o)
| Option | Notes |
| prefix |
Netatalk will be installed in this directory. Nice for
keeping things neat. |
| with-config-dir |
I usually put it somewhere underneath /etc to keep things neat...
(/etc/netatalk)
This option is now deprecated, and was removed completely in the
final 1.5.
|
| with-pam |
Use PAM libraries - nice to get some real password support into
Macintoshes. Some Macs don't like this and barf.
The "barfing" is probably not directly related to this
option.
Instead it happens when not including uams_clrtxt in the set of
UAMs offered to AppleShare Clients. Old clients will complain loudly
that "something weird is going on" because they only know
about cleartext and randnum password negotiation. Semi-old clients
will instead (as I remember it) claim that any password is wrong
(they know about non-cleartext negotiation but confuse DHX with randnum).
DHX and randnum become
available when using --with-ssl-dir.
|
| with-shadow |
Normal and shadow passwords are equally unencrypted, but
shadow passwords go a step further to allow read access only by
root to the "hashed" (also called "one-way encrypted")
passwords. Randnum passwords are _sent_ encrypted but _stored_ cleartext
on the server (and have nothing to do with shadow).
This option tells netatalk to use the "shadowed" passwords.
|
| enable-drop-kludge |
A much mentioned option that is supposed to fix problems that people
experience with Quark Xpress. Using a 2.4.x kernel I didn't find
this so. As to what it actually means:
Apple filesharing has a special feature. When a folder has write
but not read access it becomes a "drop-box". What is tricky
seen from a unix standpoint is that not only should the file be
written, but ownership should also be passed on to the owner of
the folder - and that requires the operation to be done as root
(which is a security risk). The "kludge" has been added
(made to work) somewhat recently and hasn't been
tested widely...
|
| with-flock-locks |
Much mentioned again in Quark Xpress circles. This option tells
afpd to use flock instead of byte range locking on files. On 2.2.x
kernels this results in no file locking (bad), but at least your
Quark users can save documents... On 2.4.x kernels it means that
files apparently lock correctly, and is working for me so far.
|
| with-tcp-wrappers |
This option enables TCP Wrappers (a tool
written by Wietse Venema) support in AppleTalk over IP connections.
This allows you to limit connections of this sort to a specific set
of hosts with the proper entries in the hosts.allow or hosts.deny files
for the tool.
TCP Wrappers is installed by default on most, if not all, Linuxes,
and is widely used on other Unices.
(Thanks to Bill Knox)
|
| enable-redhat |
Builds an init.d start/stop script for you.
It only builds it correctly for _you_ if you wear a red hat ;o)
|
| enable-timelord |
Enables the timelord part of netatalk. Force your Mac
users to keep accurate time!!! |
| enable-lastdid, --with-did=last |
If you keep getting a bunch of messages in /var/log/messages about
files not having unique DIDs, then you probably want this. What
is a DID? Directory ID. What does this mean?
It has changed to --with-did=last (and is the default and
considered best method currently). You are not (completely) wrong.
On Macintosh HFS there is enough room internally in the filesystem
for unique identifiers of directories. On unix it is approximated
(depending on the method), and in reality one identifier can lead
to several files/folders - so deleting a single file can actually
make a whole folder with lots of subfolders disappear (yes, I have
experienced that!).
|
| enable-debug |
Useless. When trying it I didn't get a scrap of useful
information about users connecting, only the same screenfuls of garbage
repeating over and over again. I tried this in desperation, looking
for information about what was actually going on when certain things
failed, but they're not logged. You won't even see your regular messages
(DID conflicts, .AppleDouble permission problems et al). Being able
to specify a debug level in afpd/papd/atalkd would be much more useful! |
| enable-afs |
Andrew filesystem (part of a larger system where Kerberos
authentication is also a part). An advanced filesystem - both a local and
a network filesystem. You have a laptop and will leave for home, so
you make sure to "work a little" on those files you want
accessible at home - then they "float closer to you" and
are stored on your own disk - and are seamlessly merged back on the
network when reconnected later... |
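
With TCP Wrappers, a client that matches no rule in either hosts.allow or hosts.deny is let in, so building with-tcp-wrappers restricts nothing until hosts.deny carries a catch-all entry. The check below is an added example, not part of the original page or of netatalk; it assumes afpd is matched under the daemon name "afpd", uses a simplified rule parser, and runs on constructed sample files.

```sh
#!/bin/sh
# Added example, not netatalk code. Assumption: afpd registers with
# TCP Wrappers under the daemon name "afpd".
# Simplified parser: no line continuations, EXCEPT clauses or option fields.

# Print the client list of each rule in file $1 that applies to daemon $2
# (its daemon list names $2 or the wildcard ALL).
rules_for() {
    sed 's/#.*//' "$1" | awk -F: -v d="$2" '
        NF >= 2 {
            n = split($1, names, /[ ,\t]+/)
            for (i = 1; i <= n; i++)
                if (names[i] == d || names[i] == "ALL") {
                    c = $2
                    gsub(/^[ \t]+|[ \t]+$/, "", c)
                    print c
                    break
                }
        }'
}

# Succeed only if hosts.deny ($1) refuses all clients for daemon $2.
default_deny() {
    rules_for "$1" "$2" | grep -qx 'ALL'
}

# Constructed sample files: one allowed subnet, then a catch-all deny.
demo() {
    dir=$(mktemp -d)
    printf 'afpd: 192.168.1.\n' > "$dir/hosts.allow"
    printf 'afpd: ALL\n' > "$dir/hosts.deny"
    echo "allowed clients: $(rules_for "$dir/hosts.allow" afpd)"
    if default_deny "$dir/hosts.deny" afpd; then
        echo "everyone else is refused"
    else
        echo "WARNING: no catch-all deny, unlisted hosts can still connect"
    fi
    rm -rf "$dir"
}
demo
```
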
./configure --prefix=/usr/local/netatalk --sysconfdir=/etc/netatalk \
    --with-ssl-dir=/usr/local/openssl --enable-timelord --enable-redhat --enable-dropkludge \
    --with-did=last --with-flock-locks --with-uams-path=/etc/netatalk/uams
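
The drop-box note in the table describes a folder with write but not read access, whose deposited files should end up owned by the folder's owner. The script below is an added example, not from the original page or from netatalk: it finds such folders under a share and lists deposits still owned by someone else. Function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not netatalk code. A drop-box here is a directory that
# group or others may write to but not read.

# Print every drop-box directory under $1, one per line.
find_dropboxes() {
    find "$1" -type d \( \
        \( -perm -0002 ! -perm -0004 \) -o \
        \( -perm -0020 ! -perm -0040 \) \) -print
}

# Print files directly inside drop-box $1 whose owner differs from the
# folder's owner, i.e. deposits whose ownership was never handed over.
foreign_files() {
    owner=$(ls -ldn "$1" | awk '{print $3}')   # numeric uid of the folder owner
    find "$1" -maxdepth 1 -type f ! -user "$owner" -print
}

# Report every drop-box under share root $1 with its foreign-owned files.
audit_share() {
    find_dropboxes "$1" | while IFS= read -r box; do
        echo "drop-box: $box"
        foreign_files "$box" | sed 's/^/  not owned by folder owner: /'
    done
}

# Constructed demo tree: one drop-box (mode 733) holding one deposited file.
demo() {
    root=$(mktemp -d)
    mkdir "$root/dropbox"
    chmod 733 "$root/dropbox"
    : > "$root/dropbox/layout.qxd"
    audit_share "$root"
    rm -rf "$root"
}
demo
```

Run audit_share against the real share path as a user who can read the drop-box folders (their owner or root); other accounts cannot list the contents.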