Re: Macs in chooser using TCP


Subject: Re: Macs in chooser using TCP
From: andrew morgan (morgan@orst.edu)
Date: Mon Aug 28 2000 - 12:00:38 EDT


On Mon, 28 Aug 2000, Aaron Levitt wrote:

> Well.. after mucking around with netatalk, I couldn't get the box to
> show in the chooser with the -noddp flag, so I just removed the flag
> from my afpd.conf. I am still using the pre39 version on a 2.2.14
> kernel and it appears to be fine aside from that. As far as I can
> tell, it still defaults to afp-over-tcp. I tested it on various macs
> with various OS's and they all pick tcp.

Advertising in the chooser *requires* using DDP (AppleTalk). However,
when the mac connects to the server over DDP, the server can tell the mac,
"hey, I'm also available over TCP/IP at this address: xxx". Then the mac
will reconnect to the server with that IP address. Bottom line: if you
want to browse for servers, you need AppleTalk, as you discovered.

> One side note I noticed I thought I would point out, is when I
> compiled the source, I enabled all the various password authentication
> I could (with the exception of kerberos). With OS9 (I guess from the
> new changes in the security code) it automatically uses "Encrypted
> Password Transport" which seems pretty secure. I sniffed the network
> and was unable to see the passwords, though I am not sure which method
> it uses on the unix side (looking at /var/log/messages, I would guess
> PAM). So with OS9, you don't need to use the .passwd file in the home
> dir and you don't end up with cleartext passwords floating around your
> network.

You are using DHX encrypted passwords, which you get by setting the
CRYPTODIR variable in the top-level Makefile. Basically, DHX encrypts
your password using SSL routines before sending it across the network. I
don't know why anybody would use rand2num passwords instead. I don't want
my cleartext password sitting in a file on the network! DHX support is
already included in OS9 and all the versions of OS8 I have tried.

        Andy


