Re: [netatalk-admins] DES, how to log in


Subject: Re: [netatalk-admins] DES, how to log in
From: Cameron Hart (chart@design.wnp.ac.nz)
Date: Sun Oct 04 1998 - 18:55:30 EDT


Hi again,

> Yes, we are using the asun "stable" source tree. (We are demonstrating
> the stability of Linux and daemons right now and are trying to avoid the
> pre/alpha releases of software. I have heard good things about the
> stability, and improvements to performance with the 2.x pre dist, but I am
> still using the older...)
>
> Options that we have enabled that relate to password:
> -nocleartxt -norandnum -rand2num -savepassword -setpassword
>
> (We are using a number of other flags, but these are the ones that have
> to do with passwords and authentication.)
>
> Do you have these enabled?

Previously, my options were the same as yours, except for -norandnum. I had -randnum
enabled. Turning this off made password changing work for me. Seems weird I thought it
would have just defaulted to 2 way randnum for changing pw anyway?

> What happens when you set -norand2num -norandnum and *only* allow
> plain-text/clear-text passwords (just for testing) ? If the user is still
> not able to save their password, it is likely that the DES additions are
> not the cause of your problems.

When I tried to change the password with cleartext enabled and randnum disabled, I got
an error message back saying something to the extent of 'invalid password', then I
get disconnected. I'm not sure what is going wrong here. Again I can log in without a
problem, but changing the password fails.

I am using Shadow passwords and Linux PAM. My /etc/pam.d/netatalk file looks like
this:

#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
#password required /lib/security/pam_cracklib.so
#password required /lib/security/pam_pwdb.so shadow use_authtok
session required /lib/security/pam_pwdb.so

I don't really know much about PAM, so maybe I am missing something here?

Thanks,

Cam.

> What happens when you set the savepassword and setpassword options?
>
> Just a few more things to check...
>
> -Mike
>
> On Thu, 1 Oct 1998, Cameron Hart wrote:
>
> > Date: Thu, 01 Oct 1998 13:46:29 +1300
> > From: Cameron Hart <chart@design.wnp.ac.nz>
> > To: "netatalk-admins@umich.edu" <netatalk-admins@umich.edu>
> > Subject: Re: [netatalk-admins] DES, how to log in
> >
> > Yes, I have a ~/.passwd file with 0600 permissions. I am using
> > netatalk-1.4b2+pre-asun2.1.0-10a, what version are you using? BTW, I also compile
> > against PAM, so that is DES and PAM. Do you think they would conflict?
> >
> > Cam.
> >
> > Mike wrote:
> >
> > > Hello,
> > > Yes, I use 2-way-scrambled, and all of my users are able to change their
> > > passwords.
> > >
> > > Do your users own the file ~/.passwd with chmod 600 ?
> > >
> > > -M
> > > --------------------------------------------------------------------------
> > > Systems Department Operating Systems Analyst for the Ruben Salazar Library
> > > of California State University at Sonoma.
> > > /UNIX(/BSD/SysV)\N_NW[.]VMS\WNTS\WNTW\W95\W311\WFWG\DOS:MacOS/NeXTSTEP
> > > --------------------------------------------------------------------------
> > >
> > > On Thu, 1 Oct 1998, Cameron Hart wrote:
> > > [chop]
> > > > While on the subject of DES and randnum authentication. I have successfully
> > > > compiled against libdes, and logged in using 2 way randnum authentication.
> > > > However, I got the impression from auth.c in the afp code, and probably
> > > > something I read somewhere, that I could change password when using 2-way
> > > > randnum. I have yet to successfully do so. Has anyone managed to get this
> > > > working?
> > > >
> > > > Cam.
> > > [chop]
> > > > Paul J. Schinder wrote:
> > > > > On Wed, Sep 30, 1998 at 09:13:52AM -0700, Paul Krohn wrote:
> > > > > } with lots of generous help from people on this list, i've successfully
> > > > > } compiled & installed netatalk on a couple of test systems & am very close
> > > > > } on my destination system.
> > > > > }
> > > > > } on my test system, when i try to log in using AppleShare 3.7.4, i get a
> > > > > } dialog box that specifies clear text, scrambled, or two-way scrambled
> > > > > } depending on whether i've specified
> > > > > } -cleartxt, -randnum, or -rand2num. If either of the latter two are
> > > > > } specified, my user/pass combo fails - 'your password is incorrect. please
> > > > > } re-enter it'.
> > > > > }
> > > > > } what have i forgotten?
> > > > >
> > > > > randnum does not use /etc/passwd. Do you have your netatalk password
> > > > > in cleartext in a file named .passwd in your home directory? (For
> > > > > security's sake, it should, of course, *not* be the same as your
> > > > > regular password.)
> > > [chop]
> >
> >
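
The ~/.passwd check raised in the thread (file owned by the user, chmod 600, holding the randnum password in cleartext), as an added example that is not part of the original messages or of netatalk. It assumes bash and GNU stat on Linux; the function names and the demo users are hypothetical and constructed.

```shell
#!/bin/bash
# Added example: audit netatalk randnum password files (~/.passwd).
# Assumes GNU stat (Linux). Function names are hypothetical.

# check_passwd_file FILE EXPECTED_UID
# Prints one verdict word; returns 0 only when the file passes.
check_passwd_file() {
    local file=$1 want_uid=$2 mode uid
    if [ -L "$file" ]; then
        echo "symlink"; return 1        # never follow a link to another file
    fi
    if [ ! -f "$file" ]; then
        echo "missing"; return 1        # randnum login has nothing to read
    fi
    mode=$(stat -c '%a' "$file") || { echo "unreadable"; return 1; }
    uid=$(stat -c '%u' "$file")
    if [ "$uid" != "$want_uid" ]; then
        echo "wrong-owner"; return 1
    fi
    if [ "$mode" != "600" ]; then
        echo "bad-mode:$mode"; return 1 # cleartext secret readable by others
    fi
    echo "ok"
}

# audit_homes PASSWD_DB: for each passwd-format line, check HOME/.passwd.
audit_homes() {
    local name _pw uid _gid _gecos home _shell verdict
    while IFS=: read -r name _pw uid _gid _gecos home _shell; do
        [ -d "$home" ] || continue
        verdict=$(check_passwd_file "$home/.passwd" "$uid") || true
        printf '%s\t%s\n' "$name" "$verdict"
    done < "$1"
}

# demo: constructed homes in a temp dir, owned by whoever runs the script.
demo() {
    local t me; t=$(mktemp -d); me=$(id -u)
    mkdir "$t/alice" "$t/bob"
    echo 'constructed-secret' > "$t/alice/.passwd"; chmod 600 "$t/alice/.passwd"
    echo 'constructed-secret' > "$t/bob/.passwd";   chmod 644 "$t/bob/.passwd"
    printf 'alice:x:%s:100::%s:/bin/sh\nbob:x:%s:100::%s:/bin/sh\n' \
        "$me" "$t/alice" "$me" "$t/bob" > "$t/db"
    audit_homes "$t/db"
    rm -rf "$t"
}
demo
```

On a real server, audit_homes /etc/passwd run as root reports each account whose home directory exists.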


