Subject: Re: building netatalk 1.3.1 for kaserver authentication
From: Matthew V. J. Whalen (whalenm@tis.telos.com)
Date: Fri May 20 1994 - 10:40:10 EDT

Since I have received other requests now for help with netatalk
with kaserver (Kerberos from Transarc), I am sending a very
brief description of what seem to be the most common problems
and how to deal with them....

Since this seems to be a very common problem, I'm trying to
write a little summary of how to install netatalk using
Transarc's kaserver instead of MIT Kerberos 4.

I am assuming that you have been able to compile and link
all the netatalk pieces using the -DAFS flags for afpd.

Things that seem to get a lot of people confused:

1) libkrb: If you are using the kaserver, you must remember
that the string-to-key function is different for the kaserver.
From the kerberos FAQ: "...the AFS version uses the realm
name as part of the computation while the MIT version does not."
This means that you must change the string-to-key function in
your libkrb. If you do not have this patch, I can provide one
for you. The one I have came from the University of Michigan
and is (I think) provided without any support whatsoever.

2) /etc/srvtab: This seems to confuse a lot of people too since
kaserver doesn't have a srvtab. You need to pick up ksrvutil
from ftp://export.acs.cmu.edu/pub/kerberos/ksrvutil.tar.Z.
Make sure that you compile it with the changed libkrb mentioned
above. Use this to create a principal with the form:
afpserver.nbpname@realm.

I didn't find this to be very clear, so let me elaborate:
I called my afp server "AFS_Translator" (the chooser name),
and my cell name is telos.com. So....my entry in /etc/srvtab
is afpserver.AFS_Translator@TELOS.COM. Be aware that if you
do not specify an afpserver name, it will default to the
server machine's hostname (not fully qualified). Install the
srvtab that ksrvutil created.

3) UAM: Pick up from the University of Michigan the Macintosh UAM.
I don't know why Apple does the things they do, but the UAM is
not so obvious to install - By default, your Macs will not create
the folder you need to place it in. In the system folder, create
a folder called "AppleShare Folder" and place the UAM there.

I've been told that Michigan has a UAM that allows you to
use passwords longer than 8 characters. You might want to
try talking to Marcus Watts - he seems to know what's going on -
or you could try Wes Craig. If you install this UAM, you probably
want to also modify the source code to allow users to change their
passwords to be longer than 8 characters. Look in the file
{netatalk}/etc/afpd/passwd.c for the change. I have wanted to
(but not done it) make the changes to use the kpwvalid program
that is part of AFS 3.3.

4) If you get all this going, then notice that you have no volumes
to mount, you probably want to use a default AppleVolumes file.
If you are using netatalk 1.3.1, look in the man page for afpd - it
will tell you what you need to do.

Finally - a little plug for something that I am desperately hoping that
someone is working on (I know that wes is hoping that someone else will
do this too). If anyone gets netatalk working under Solaris 2.3, please
let me know!

Anyway - hope that this helps - and feel free to send me email if you have
any more problems.

-matthew
whalenm@tis.telos.com
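
Added example (not part of the original message, and not netatalk or ksrvutil code): a small Python check that an installed srvtab really contains the afpserver.nbpname@realm entry described in item 2. It assumes the standard Kerberos 4 srvtab layout (three NUL-terminated names, a 1-byte key version, an 8-byte DES key) and, following the message's own example, that the realm is the cell name in upper case; the function names and the sample bytes are constructed for illustration.

```python
import socket

def parse_srvtab(data: bytes):
    """Return [(service, instance, realm, kvno, key), ...] from srvtab bytes."""
    entries, pos = [], 0
    while pos < len(data):
        names = []
        for _ in range(3):                    # service, instance, realm
            end = data.index(b"\0", pos)      # ValueError if a name is cut off
            names.append(data[pos:end].decode("ascii"))
            pos = end + 1
        if len(data) - pos < 9:               # 1-byte kvno + 8-byte DES key
            raise ValueError("truncated srvtab entry")
        entries.append((*names, data[pos], data[pos + 1:pos + 9]))
        pos += 9
    return entries

def expected_principal(cell, nbpname=None):
    """Principal afpd needs: afpserver.<nbpname>@<REALM>."""
    # With no server name given, the message says the name defaults to the
    # machine's hostname, not fully qualified.
    instance = nbpname or socket.gethostname().split(".")[0]
    # Assumption taken from the message's example: cell telos.com -> TELOS.COM
    return ("afpserver", instance, cell.upper())

def has_afp_key(data, cell, nbpname=None):
    """True if the srvtab holds an entry for the expected afpserver principal."""
    want = expected_principal(cell, nbpname)
    return any(entry[:3] == want for entry in parse_srvtab(data))

# Constructed sample srvtab (dummy key bytes, not real key material).
SAMPLE = (b"rcmd\0myhost\0TELOS.COM\0\x01" + bytes(8)
          + b"afpserver\0AFS_Translator\0TELOS.COM\0\x02" + bytes(range(1, 9)))

if __name__ == "__main__":
    # Print names and key versions only; never print the keys themselves.
    for svc, inst, realm, kvno, _key in parse_srvtab(SAMPLE):
        print(f"{svc}.{inst}@{realm} kvno={kvno}")
    print("afpserver entry present:",
          has_afp_key(SAMPLE, "telos.com", "AFS_Translator"))
```

A matching entry only confirms the principal name; it says nothing about whether the key was derived with the AFS string-to-key function from item 1.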