'Re: [Netatalk-admins] Netatalk/Samba/Other Services Login Schemes(Was:'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netatalk
Subject:    Re: [Netatalk-admins] Netatalk/Samba/Other Services Login Schemes(Was:
From:       "R. Michael Stephens" <Robert.M.Stephens () vanderbilt ! edu>
Date:       2002-05-30 15:45:25
[Download RAW message or body]

We do it with DCE (if you like complications) and encrypted passwords
for both samba
and netatalk.  part of the account/password maintenance process is to
store an encrypted
version of the real password which is unencrypted and presented to DCE. 
The appropriate
samba oneway encryption is created and stored via the maintenance
routines as well.

Samba authenticates against the oneway encryption string in the modified
samba password file,
decrypts the real password on success of the first authentication and
presents ot to DCE for
final authentication.  Netatalk does its randnum process against the
encrypted real password
 in the modified samba password file as well.  The same sort of process
could be easily 
applied to LDAP or KERBEROS just a matter of gleaning some of the code
from samba creating a couple of admin tools and make a couple of small
changes to netatalk and samba.

I don't particularly recommend DCE/DFS and when we redesign VUspace (our
distributed disk
space service) we will replace them it is just a matter of time and
having all of our
requirements met by the underlying servers.

Kyle Johnson wrote:
> 
> On 5/30/02 11:10 AM, "Ron Creamer" <ron@pageworks.com> had the following
> insightful comment:
> 
> > I do have LDAP working serving passwords for samba clients, telnet & ftp
> > sessions, and netatalk sessions. It's really the only way to go.
> 
> How are you doing the samba passwords?  When we tried to use PAM with
> Kerberos and samba it wouldn't work because the Windows clients were sending
> the passwords encrypted.  Did you just go back to plain text passwords, or
> did we miss something?
> 
> (I know, I just made this off topic.  Sorry)  '-)
> 
> /kyle
> ---
> Kyle Johnson                                     kyle.johnson@duke.edu
> Manager, Information Systems        http://www.studentaffairs.duke.edu
> Duke University Student Affairs
> -----------------------------------------------------------------------
> Whatever happens, behave like you meant it to happen.
> 
> _______________________________________________________________
> 
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> 
> _______________________________________________
> Netatalk-admins mailing list
> Netatalk-admins@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/netatalk-admins

--                                                           
R. Michael Stephens               Systems Software Specialist
Vanderbilt University         Information Technology Services
Systems Team                    VUwebmail/VUspace/VUdirectory
Nashville TN.  USA  R.M.Stephens@Vanderbilt.Edu  615.343.8780

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Netatalk-admins mailing list
Netatalk-admins@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netatalk-admins
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic