How to Go About 2-Way Encrypted Passwords?


Subject: How to Go About 2-Way Encrypted Passwords?
From: Basil Hussain (basil.hussain@reserve.co.uk)
Date: Fri Sep 15 2000 - 10:45:25 EDT


Hi all,

I've been running Netatalk on a couple of Linux systems now for several
months; however, the thought just crossed my mind that it was about time I
tried to tighten up security for it. So, I want to start using 2-way
encrypted passwords (as opposed to clear text, which is what I'm using at
the moment).

Before I start describing my trouble, here's some info which'll probably be
handy for you to know:

    # uname -mrsp
    Linux 2.2.5-15 i686 unknown
    [i.e. RedHat 6.0]

    # rpm -q netatalk openssl
    netatalk-1.4b2+asun2.1.3-8
    openssl-0.9.5a-1

    Testing with a 'Blueberry' iMac:
    MacOS 9.0.4
    AppleShare extension v3.8.6

I have read various parts of the mailing list archive and Anders
Brownworth's HOWTO. Below is what I've gathered so far.

* You need a DES library installed. I remember reading somewhere that
OpenSSL will suffice. I have OpenSSL installed already and working with
OpenSSH.

* You need to put a .passwd file containing the login password (no longer
than 8 characters) in clear text in your home directory. I have done this -
in my case '/home/basil/.passwd':

    # echo "mypasswd" > .passwd

* You must specify that only encrypted passwords are to be used for the
server in afpd.conf. I have done this, like so:

    "spectrum.reserve.co.uk" -randnum -rand2num -nocleartxt -noguest

Now the problem. When I make the config change to afpd.conf (it was blank
before, just using defaults) and restart netatalk, like so:

    # /etc/rc.d/init.d/atalk restart
    Shutting down AppleTalk services:
    Starting AppleTalk services: (backgrounded)

Everything appears fine, no warnings or errors. However, if I then attempt
to connect from the Mac using the Chooser, I just get an error popup after a
couple of seconds proclaiming:

    "The User Authentication Method required by this server can't be found,
please check the AppleShare folder in the Extensions folder and try again."

This is what happens in /var/log/messages during this:

    Sep 15 15:27:50 spectrum afpd[765]: refused connect from 195.216.17.40
    Sep 15 15:27:50 spectrum afpd[765]: dsi_getsess: Interrupted system call

I'm fairly stumped as to what could not be right. Unless of course, it's
something really stupid like the RPM package not having encryption support
built-in...

Regards,

-------------------------------------------
Basil Hussain (basil.hussain@reserve.co.uk)
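
The setup steps listed in the message above, expressed as a local audit of the two files involved (an added example, not part of the original post and not netatalk code). The function names, the temporary paths and the owner-only permission check are assumptions of this example; the 8-character limit and the afpd.conf options are the ones quoted in the post.

```bash
#!/usr/bin/env bash
# Added example, not netatalk code. File names and sample contents are constructed.

# Audit a ~/.passwd file: present, 1-8 characters on its first line, owner-only.
check_passwd_file() {
    local file=$1 pw perms rc=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }
    # Read only the first line: 'echo pw > .passwd' appends a newline that
    # is not part of the password.
    IFS= read -r pw < "$file" || true
    [ -n "$pw" ] || { echo "EMPTY: $file"; rc=1; }
    [ "${#pw}" -le 8 ] || { echo "TOO_LONG: ${#pw} characters, limit is 8"; rc=1; }
    # Assumption of this example: a clear-text password file should be mode 0600.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "LOOSE_PERMS: $file"; rc=1; }
    return $rc
}

# Audit afpd.conf: each server line must offer -randnum or -rand2num and carry
# -nocleartxt and -noguest (the options used in the post).
check_afpd_conf() {
    local file=$1 line servers=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        servers=$((servers + 1))
        case " $line " in
            *" -randnum "*|*" -rand2num "*) ;;
            *) echo "NO_ENCRYPTED_UAM: $line"; rc=1 ;;
        esac
        case " $line " in *" -nocleartxt "*) ;; *) echo "CLEARTEXT_ALLOWED: $line"; rc=1 ;; esac
        case " $line " in *" -noguest "*) ;; *) echo "GUEST_ALLOWED: $line"; rc=1 ;; esac
    done < "$file"
    # A blank file means afpd runs on its defaults, so none of the options are set.
    [ "$servers" -gt 0 ] || { echo "DEFAULTS_ONLY: $file"; rc=1; }
    return $rc
}

# Demo on constructed files that mirror the post's setup.
demo_dir=$(mktemp -d)
echo "mypasswd" > "$demo_dir/.passwd"   # as in the post; mode follows the umask
echo '"spectrum.reserve.co.uk" -randnum -rand2num -nocleartxt -noguest' > "$demo_dir/afpd.conf"
check_passwd_file "$demo_dir/.passwd" || true
check_afpd_conf "$demo_dir/afpd.conf" && echo "afpd.conf: OK"
rm -rf "$demo_dir"
```

With a typical umask of 022 the demo reports LOOSE_PERMS for the file created by the plain `echo`, which `chmod 600` on the file resolves.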


