Subject: Re: netatalk security vs. ftp, ssh
From: andrew morgan (morgan@orst.edu)
Date: Fri Jul 28 2000 - 20:10:51 EDT
On Fri, 28 Jul 2000, Kevin Chan wrote:
> Hi, I am the systems administrator for my company and I have been trying to
> find a way to shut down ftp access to our server. This would entail
> finding an alternative file transfer protocol, such as some sort of GUI-scp
> or a combination of netatalk and samba(?) or something else.
>
> What I really want to know is if there are any place (or anyone) that will
> tell me the vulnerabilities of using netatalk. I am convinced that it is
> an improvement over ftp, but I am not convinced that I should implement
> it. Furthermore, we just moved our server and though I have not compiled
> pam_smb or anything, the chooser menu says that the passwords are encripted
> (whereas before it use to be clear-text). I think this is due to the new
> kernel, but can anyone enlighten me on this?
The DATA stream in a netatalk session is not encrypted, but you can have
several forms of encrypted LOGIN (Diffie-Hellman exchange or random number
exchange). If you have encrypted passwords now, it is probably because
netatalk was compiled with that support or you have the openssl libraries
available now.
Andy
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:40 EST