Re: netatalk security vs. ftp, ssh

Subject: Re: netatalk security vs. ftp, ssh
From: Tom Fitzgerald (tfitz@MIT.EDU)
Date: Mon Jul 31 2000 - 15:29:00 EDT

• Next message: Jürgen Weltzer: "Re: asun2.1.4pre39-5mdk (file damage)"
• Previous message: Tom Fitzgerald: "Re: netatalk security vs. ftp, ssh"
• In reply to: andrew morgan: "Re: netatalk security vs. ftp, ssh"
• Next in thread: Ron Chmara: "Re: netatalk security vs. ftp, ssh"
• Reply: Tom Fitzgerald: "Re: netatalk security vs. ftp, ssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > 3) To use encrypted authentication with clients older than MacOS 9, the
> > user passwords must be stored in cleartext on the server. This isn't
> > actually as much of a problem as one might think, since anyone who can
> > break in far enough to get the passwords could also get the passwords
> > by other means even if they were encrypted on disk.
>
> I have to disagree with this. I have DHX encrypted logins working with
> my mac running OS 8.6. This is using PAM and a regular /etc/passwd file
> on the server. Maybe this is only true for randnum encryption?

Er, you're right. Anything from MacOS 8.1 on can do DHX as long as it's
upgraded to AppleShare Client 3.8.5 or later. (And you want 3.8.6 to
fix a bug that'll crash you if you type a bad username or password during
DHX authentication.)

Suddenly DHX looks much more useful than I thought it was.

• Next message: Jürgen Weltzer: "Re: asun2.1.4pre39-5mdk (file damage)"
• Previous message: Tom Fitzgerald: "Re: netatalk security vs. ftp, ssh"
• In reply to: andrew morgan: "Re: netatalk security vs. ftp, ssh"
• Next in thread: Ron Chmara: "Re: netatalk security vs. ftp, ssh"
• Reply: Tom Fitzgerald: "Re: netatalk security vs. ftp, ssh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:31:45 EST