Subject: Re: [netatalk-admins] shared Logins on UNIX/Mac?
From: Will Cox (wcox@imageinc.com)
Date: Wed Aug 12 1998 - 11:06:05 EDT
<TANGENT>
I don't think a discussion of NT's (or UN*X's) security foibles
is quite appropriate to this thread, but for argument's sake :-)
The C2 rating is for 3.5 on a particular hardware platform, and has not
been maintained, so does not apply to 3.51 or 4.0, or to any other
hardware platform.
http://www.radium.ncsc.mil/tpep/epl/entries/CSC-EPL-95-003.html
</TANGENT>
I checked out the MacLogin UAM, and since the documentation's in MS Word,
don't think I'll end up using it. However, from the readme and description
on the web site, it doesn't appear to suit my purposes for a centralized
authentication source for both Apple ASIP and Linux netatalk user/pass
combinations.
http://users.ccnet.com/~kiberkli/maclogin/about-maclogin.html
Perhaps pam_ldap
http://anath.gmp.usyd.edu.au/pam_ldap/
ftp://anath.gmp.usyd.edu.au/pub/pam_ldap/pam_ldap-0.04.tar.gz
could work on the Linux side of things, provided you can authenticate or
sync the LDAP user/pass with ASIP.
There are two LDAP directories coming out for Mac OS that purport to
store user account information for AppleShare/IP, but I've not worked with
the betas enough to know if they store user/pass combinations as well as
mail information. There's also discussion of this topic on the
appleshareip-list.
http://www.oneclick.com/server/specs.html
http://www.cesoft.com/quickmail/dirsys/mds.html
http://www.lists.apple.com/appleshareip.html
On the other hand, the password in most LDAP directories is stored and
passed over the wire in the clear (unless SSL is used, in which case it's
only stored in the clear). The only exception to this that I know of is
the Lotus Domino directory, which stores the password as a hash (but
that causes problems using the Domino directory for authentication to
non-Domino hosts).
/cwc
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:33:04 EST