Subject: [netatalk-admins] supported UAMs
From: Michael M Han (han@windy.ckm.ucsf.edu)
Date: Mon Apr 06 1998 - 13:52:10 EDT
Hello all. Now that my netatalk is happily installed I've begun
worrying a bit about security. Because I can't use kerberos and don't
want to store any cleartext passwords, I'm transmitting clear-text
passwords on my network, which I'm not liking. So I have a couple of
questions about UAMs now.
First, it seems that the latest AppleShare Client (3.7.2, right?) has
no support for 3rd-party UAMs for afp over ip connections. This
certainly seems a problem. Apple doesn't seem to be showing much
interest in addressing it either, since ASClient3.7.2's been out for
quite a while now. Anyone have more information on 3rd-party UAMs and
ASClient? Being limited to randnum and cleartext for Internet
communications seems like a real bad thing.
My other question is about a 3rd-party UAM. Namely, the Microsoft UAM
provided with NT Server. It has its own security problems, but I think
they're lesser than those of clear-text and randnum. Samba already
delivers a nice set of password management tools and password.c from
their source (GPL'd) seems to be ripe for the taking. Hacking yet
another UAM into auth.c would be messy, but could be worth it. I'd
give it a shot myself but fear the likely results (I'm no programmer).
Anyone have any thoughts on either question?
_____
Michael Han (han@library.ucsf.edu) voice: (415) 502-7542
Interactive Learning Center Consultant (415) 476-4309
San Francisco, California 94143-0840 fax: (415) 476-4653
"Closed Mondays." The Walker Art Center
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:32:13 EST