Subject: Re: [netatalk-admins] REPOST: purpose of PAM, crypt, and DES
From: patrick finerty (zinc@zifi.genetics.utah.edu)
Date: Mon Feb 16 1998 - 17:15:27 EST
Hi,
so, i guess my question really relates to the (Clear-Text) message I
see in the Mac Chooser when connecting to my Linux machine. Using DES
doesn't change this message. I guess I'm wondering if the 2way randnum
is implemented for netatalk or not and if using DES or PAM is supposed
to add support for it.
thanks,
-patrick
On February 16, 1998, Andras Kadinger wrote:
> - I suppose, You get authenticated when logging on to the afpd volume.
> If You use cleartext (on the network) passwords, then afpd can either
> call crypt and compare the results with /etc/passwd (or the shadow
> version of the same), or use the cleartext (on disk) password stored in
> the user's home directory (I'm afraid I can't remember the magic
> filename discussed before - it should be in the source or in the list
> archives). In the case You use 2way randnum (on the network) passwords,
> then both the password (on the network) and the password (on the disk)
> are encrypted, so netatalk has no way to easily compare them (without
> searching the keyspace of either one), and so has to rely on the above
> mentioned magic file containing the cleartext password - it can encrypt
> it then (not with crypt in this case, but with whatever algorithm is
> used in the Mac 2way randnum authentication), see, if it matches. One
> other encryption mechanism used instead of 2way randum (whatever that
> is) might be DES, I suppose; the situation should be the same in this
> case then.
--
"There is only one aim in life and that is to live it."
Karl Shapiro,(1959) from an essay on Henry Miller's Tropic of Cancer
finger zinc-pgp@zifi.genetics.utah.edu for PGP key
http://zifi.genetics.utah.edu
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:30:57 EST