Subject: Re: How to Go About 2-Way Encrypted Passwords?
From: andrew morgan (morgan@orst.edu)
Date: Fri Sep 15 2000 - 13:49:47 EDT

Use DHX encrypted passwords. You'll need to have a reasonably current
version of AppleShare installed on your Macs (3.8.3? 3.8.6?) to use it,
but it works great for me.

It is not as secure perhaps as 2-way randnum (which authenticates both the
user and the server), but it does encrypt the password, which is good
enough for most people. The nice part is that the server gets your
cleartext password after it decrypts it, so you can use the regular PAM
authentication methods -- no .passwd file required.

To add DHX support on the server, you'll need OpenSSL installed, then
point CRYPTODIR (from the top-level netatalk Makefile) to your OpenSSL
installation and recompile.

Andy

On Fri, 15 Sep 2000, Marc J. Miller wrote:
> I'm finding myself in the same boat, but since we use NIS for password
> validation, having thousands of .password files just isn't an option. Can
> anyone suggest a secure alternative to ClearText that doesn't require
> .password files?
>
> ----- Original Message -----
> From: "Basil Hussain" <basil.hussain@reserve.co.uk>
> To: "Netatalk Admins List" <netatalk-admins@umich.edu>
> Sent: Friday, September 15, 2000 7:45 AM
> Subject: How to Go About 2-Way Encrypted Passwords?
>
>
> > Hi all,
> >
> > I've been running Netatalk on a couple of Linux systems now for several
> > months, however the thought just crossed my mind that it was about time I
> > tried to tighten up security for it. So, I want to start using 2-way
> > encrypted passwords (as opposed to clear text, which is what I'm using at
> > the moment).
>
>