Re: [netatalk-admins] Password


Subject: Re: [netatalk-admins] Password
From: Richard Knuckey (richardk@iprolink.co.nz)
Date: Sun May 17 1998 - 19:23:14 EDT


At 2:07 am +1200 18/5/98, Regis Koenig wrote:
>Is there a way to allow customers on mac (under MacOs 8) to change their
>Unix/Netatalk password ?
>

It is possible, but not without extra software on the mac. The reason is
that unix stores passwords trap-door encrypted, which means that it is not
possible to extract the original password. The client encrypts the password
and compares it against the encrypted version on the server.

Appleshare works differently. On the server the password is stored as
cleartext, and client/server send each other random numbers to encrypt
this password with.

To change the password, the server needs access to the clear text password,
and AppleShare does not allow password changing when using cleartext
authentication, only when using 2-way rand num encryption.

You can install Kerberos Authentication to get around this; there are both
mac plug-in authentication modules for AppleShare and netatalk can support
this. Set up is quite involved though.

An easier way is to allow an 'out of band' method of changing password. On
my system I wrote a daemon for Eudora's Change Password feature (I ported
poppassd to PAM), so users on macs and windowz boxes can change their
unix/samba/appleshare password from within Eudora.

Another way would be a web page that called a change password cgi.

---------------------------------------------------------------------------
Richard Knuckey rknuckey@techniche.co.nz
Technology Manager DDI +649 573 5923
Techniche, a division of Blue Star Print Group Limited Fax +649 573 1803
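
The storage difference described in the message above, as an added example that is not part of the original post: a server holding only a one-way hash can check a submitted password, but cannot take part in a two-way random number exchange, which needs the same secret on both sides. Assumptions: PBKDF2 stands in for unix crypt(), HMAC-SHA256 keyed with the password stands in for AppleShare's actual cipher, and all names and the sample password are constructed.

```python
import hashlib
import hmac
import os

PASSWORD = b"correct horse"  # constructed sample value, not from the post

def unix_store(password, salt=None):
    """One-way storage: the server keeps only (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def unix_verify(record, submitted):
    """The submitted password is hashed again and compared with the stored digest."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", submitted, salt, 100_000)
    return hmac.compare_digest(digest, candidate)

def respond(secret, challenge):
    """Transform a random number under the shared secret (stand-in cipher)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def two_way_login(client_secret, server_secret):
    """Each side challenges the other with a random number.

    Returns (server_accepts_client, client_accepts_server).
    """
    server_rand, client_rand = os.urandom(8), os.urandom(8)
    client_reply = respond(client_secret, server_rand)  # client proves itself
    server_reply = respond(server_secret, client_rand)  # server proves itself
    server_ok = hmac.compare_digest(client_reply, respond(server_secret, server_rand))
    client_ok = hmac.compare_digest(server_reply, respond(client_secret, client_rand))
    return server_ok, client_ok

if __name__ == "__main__":
    record = unix_store(PASSWORD)
    print("unix check, right password:", unix_verify(record, PASSWORD))
    print("unix check, wrong password:", unix_verify(record, b"guess"))
    # Server stores cleartext: both directions of the exchange succeed.
    print("exchange, cleartext on server:", two_way_login(PASSWORD, PASSWORD))
    # Server has only the one-way digest: it cannot reproduce the client's
    # reply or answer the client's challenge, so both directions fail.
    print("exchange, hash-only server:", two_way_login(PASSWORD, record[1]))
```

The trade-off is that the cleartext store needed for the exchange exposes every password if the server's password file is read, which the one-way store avoids.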



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:32:43 EST