Re: [netatalk-admins] Compiling poppassd under RedHat 4.2/5.0


Subject: Re: [netatalk-admins] Compiling poppassd under RedHat 4.2/5.0
From: Bill Studenmund (skippy@macro.stanford.edu)
Date: Wed Jan 28 1998 - 19:26:35 EST


On Wed, 28 Jan 1998, Carl Beaudry wrote:

> Mike Holling wrote:
>
> > What does poppassd have to do with netatalk?
>
> Nothing directly--except that it can be used to provide a graphical
> interface for changing passwords, which is of no small importance to
> sites using netatalk to support Macs without allowing telnet logins.
>
> And though it's possible to change people's shells to /bin/passwd (or
> somesuch), for a lot of sites, the ability to shut off telnet altogether
> is a useful security measure and I, for one, would love to see the
> Chooser's password changing command supported in some future iteration
> of netatalk and poppassd might be one way of accomplishing that since it
> already has some cgi support (wwwpass, etc.) and a reasonably well-known
> interface.

The deal w/ the Chooser password changing is, AFAIK it only works w/
two-way scrambled authentication. The latter requires the server (afpd)
know the plaintext password for the user. Stock unix authentication only
knows the one-way encrypted password, making password determination
require brute-force algorithms (encrypt a dictionary and see if the output
matches the encrypted password).

I think what the two-way scrambled authenticator that I've heard of does
is keep an afpd password in the user's home directory, clear text,
readable only by the user and root.

Take care,

Bill
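
The storage constraint described in the message above, as an added example that is not part of the original message or of netatalk's code: a two-way challenge-response only completes when the server holds the same secret the user types. HMAC-SHA256 and PBKDF2 are stand-ins (assumptions) for the real AFP scrambling and for crypt(3), and all function names and sample values are constructed.

```python
import hashlib
import hmac
import os


def respond(secret: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of `secret` without sending it (HMAC stand-in)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def one_way(password: bytes, salt: bytes) -> bytes:
    """Stand-in for the one-way value a stock Unix password database stores."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def mutual_login(client_password: bytes, server_secret: bytes) -> tuple[bool, bool]:
    """Run one two-way exchange.

    Returns (server_accepts_client, client_accepts_server).
    """
    server_challenge = os.urandom(16)
    client_challenge = os.urandom(16)
    # Client answers the server's challenge with the password the user typed.
    client_reply = respond(client_password, server_challenge)
    # The server can only derive the expected reply from what it has stored.
    expected = respond(server_secret, server_challenge)
    server_ok = hmac.compare_digest(client_reply, expected)
    # Second direction: the server must answer the client's challenge too.
    server_reply = respond(server_secret, client_challenge)
    client_ok = hmac.compare_digest(
        server_reply, respond(client_password, client_challenge))
    return server_ok, client_ok


def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample value
    salt = b"constructed-salt"                 # constructed sample value
    stored = one_way(password, salt)
    return {
        # Server keeps the cleartext: both directions verify.
        "server_stores_cleartext": mutual_login(password, password),
        # Server keeps only the one-way value: neither direction verifies.
        "server_stores_one_way": mutual_login(password, stored),
        # A login that sends the password itself needs only the one-way value.
        "plain_check_with_one_way": hmac.compare_digest(
            stored, one_way(password, salt)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
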



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:30:37 EST