Re: [netatalk-admins] DES, how to log in


From: Osma Ahvenlampi (oa@spray.fi)
Date: Mon Oct 05 1998 - 03:56:00 EDT


Cameron Hart <chart@design.wnp.ac.nz> writes:
> > I think that PAM is not needed if you just use 2-way-rand, since
> > /etc/shadow and /etc/passwd should not be consulted by netatalk when a
> > user needs to log in. Changing of passwords should work as long as they
> > own ~/.passwd and have proper access to it.
> No, although I'm sure someone could write a PAM module to do this (if they
> were feeling masochistic :-)

Actually, I could use such a module, if it would enable on-the-wire
encrypted passwords for both Netatalk and Samba. I would be willing to
manually enter a passphrase during server restart if that would also
allow the PAM module to store the passwords in an encrypted form on
the disk (I'm aware that the server would have to keep this encryption
key in memory while running, but at least if someone stole the
machine, it wouldn't have plaintext passwords on disk).

I'd actually prefer to have one password for LAN file sharing (Samba
and Netatalk) and another for mail access, as long as I could write
some kind of Web interface or something that allowed both to be
changed (in addition to the password changing facilities of the file
sharing protocols themselves).

-- 
She is numb from her toes down.
Osma Ahvenlampi <oa@spray.fi>


