Subject: Re: Password change=lockout
From: Benjamin Gilbert (i479@prism.simplenet.com)
Date: Mon Jan 24 2000 - 13:35:31 EST
>>> After three of my four users have changed their passwords in the past
>>> few days, they can no longer mount shares via netatalk. They can connect
>>> fine with telnet, FTP, samba, etc., just not netatalk. Is there some cache
>>> I need to flush or some such?
>> If, however, you're using cleartext passwords: if your /etc/passwd (or
>> /etc/shadow) is set up to store more than the first 8 characters of
>> passwords (using MD5 encryption or somesuch), be aware that AppleShare
>> authentication (excluding the new DHX UAM, I believe) doesn't support
>> passwords longer than 8 characters.
>The AppleTalk dialog does say we're using cleartext, and I have tried
>setting the users' passwords to long (9+) and short (8 or less) values, but
>nothing seems to work for any user who has changed his password recently. I
>am hesitant to change my own at this point.
Are you using PAM? Is netatalk compiled with PAM support? Do the
pam_pwdb settings in /etc/pam.d/login match those in /etc/pam.d/netatalk?
Oh, and --
>I am running Netatalk 1.4b on RedHat 6.1 with MacOS 9 clients. We've had
Do you mean netatalk+asun, or really netatalk 1.4b2? If you're not using
the asun patches, netatalk doesn't support PAM and won't be able to read
MD5 passwords in /etc/shadow. You might want to upgrade your netatalk...
<ftp://ftp.cobaltnet.com/pub/users/asun/testing/pre-asun2.1.4-37b.tar.gz>
--Benjamin Gilbert
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:29:53 EST