[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netatalk
Subject:    Re: [netatalk-admins] non-cleartext passwords...
From:       Andras Kadinger <bandit () freeside ! elte ! hu>
Date:       1998-04-17 1:25:42
[Download RAW message or body]

Tomas,

I am almost completely blank on kerberos authentication and UAMs.

Tomas Revesz wrote:
> 1.  Do i need to go through all this trouble or is there a simpler way to
> scramble passwords between client and server?

Adrian's patch set includes a possibility to use afpd with something
called '2wayrandnum' exchange. For this to work, You have to store the
user's password cleartext in their home directory (~home/.passwd I
remember), which might or might not be a security concern to You. This
way You can have encrypted passwords over the wire, but unencrypted
password on the disk. I think, You would be better off with kerberos if
You have serious security expectations.

Sincerely,
Andras Kadinger
bandit@freeside.elte.hu

[prev in list] [next in list] [prev in thread] [next in thread]