+++ /dev/null
-Netatalk Frequently Asked Questions
-($Id: FAQ,v 1.1 2001-03-06 19:32:48 lancel Exp $)
-
-Compilation -----------------------------------------------------------------
-
-Installation ----------------------------------------------------------------
-
-Execution -------------------------------------------------------------------
-
-Q: I get a "socket: Invalid argument" error when trying to start netatalk
- under Linux. What is causing this?
-A: The "appletalk" and "ipddp" kernel modules have to be installed under
- linux for netatalk to function. The appletalk module can be automatically
- loaded by adding the line "alias net-pf-5 appletalk" to the
- /etc/modules.conf file. Issuing the command "modprobe (module)" will
- load the module for the current session.
-
-Q: netatalk works over Appletalk, but my IP connections are refused, even
- though I have enabled them in the configuration files.
-A: If tcp_wrappers support is compiled into netatalk, access has to be
- granted in /etc/hosts.allow for netatalk to successfully accept IP
- connections. This can be done by the addition of the line:
- afpd: 127. xxx.xxx.xxx. (whatever other subnets)
-
+++ /dev/null
-Installation and Configuration of Netatalk 1.5
-Lance Levsen, l.levsen@printwest.com
-V0.2, 02 March 2001
-
-
-Prerequisites
-=============
-
-1. Libtool (only needed by developers)
-Libtool encapsulates the platform specific dependencies for the
-creation of libraries. It determines if the local platform can support
-shared libraries or if it only supports static libraries.
-
-Documentation: http://www.gnu.org/software/libtool/
-Program: (see the GNU mirrors) /gnu/libtool/libtool-1.3.5.tar.gz
-
-2. GNU m4 (only needed by developers)
-GNU m4 is an implementation of the Unix macro processor. It reads
-stdin and copies to stdout expanding defined macros as it processes
-the text.
-
-Documentation: http://www.gnu.org/software/m4/
-Program: (see the GNU mirrors) /gnu/m4/m4-1.4.tar.gz
-
-3. Autoconf
-Autoconf is a package of m4 macros that produce shell scripts to
-configure source code packages.
-
-Documentation: http://www.gnu.org/software/autoconf/
-Program: (see the GNU mirrors) /gnu/autoconf/autoconf-2-13.tar.gz
-
-4. Automake
-Automake is a tool that generates 'Makefile.in' files.
-
-Documentation: http://www.gnu.org/software/automake/
-Program: (see the GNU mirrors) /gnu/automake/auto-1.4.tar.gz
-
-Optional
-========
-5. OpenSSL
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and Open Source toolkit implementing
-the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
-v1) protocols as well as a full-strength general purpose cryptography
-library.
-This is required to enable DHX login support.
-
-Get everything at http://www.openssl.org/
-
-
-You can get the Linux PAM documentation and sources from
-http://www.kernel.org/pub/linux/libs/pam/
-
-6. TCP Wrappers
-Wietse Venema's network logger, also known as TCPD or LOG_TCP. These
-programs log the client host name of incoming telnet, ftp, rsh,
-rlogin, finger etc. requests. Security options are: access control per
-host, domain and/or service; detection of host name spoofing or host
-address spoofing; booby traps to implement an early-warning system.
-
-TCP Wrappers can be gotten at ftp://ftp.porcupine.org/pub/security/
-
-7. PAM (Pluggable Authentication Modules for Linux)
-Linux-PAM is a suite of shared libraries that enable the local system
-administrator to choose how applications authenticate users.
-
-Information on Linux-PAM can be retrieved from
-http://kernel.stuph.org/pub/linux/libs/pam/
-
-Installing Netatalk
-===================
-
-1. Read the configure options.
-$> ./configure --help
-
-This prints a listing of the command line options for configure to
-use. Notables are:
-
---disable-admin-group: disable admin group (default on),
-
---disable-ddp: disable DDP support,
-
---enable-dropkludge: enable the experimental dropbox fix (INSECURE!)
-
- --with-pam: enable password authentication modules support,
-
---with-shadow: enable shadow password support,
-
---with-tcp-wrappers: enable TCP wrappers support
-
---with-ssl-dirs=[PATH]: specify path to OpenSSL installation.
-NOTE: This is dependent on the same directory layout as the source
-distribution of Openssl. That is: ./include/ and ./lib/ to be on the
-same level. Many .rpm formats do not have their files laid out in this
-format.
-
---enable-lastdid: Recreate version 37b behaviour where directory id's
-are incrementally calculated versus the new hash method. Unfortunately
-for machines that have a lot of devices, and/or a lot of inodes the
-hash can fail with multiple directories resolving to the same DID.
-
-Enable/Disable the desired options like this:
-$>./configure --option1 --option2 ....
-
-2. Assuming ./configure worked well,
-$> make (as root or sudo)
-
-3. Assuming the program compiled without errors,
-$> make install (as root or sudo)
-
-Assuming you haven't changed the install directories, this will
-install the configutation files in /etc/atalk. The uams in
-/etc/atalk/uams. The binaries will be in /usr/sbin/.
-
-4. Configure Netatalk (See below 'Configuring Netatalk')
-The default location for the configuration files is /etc/atalk/.
-
-5. Setup your rc script so that Netatalk is started on boot.
-You can find sample initscripts in ./distrib/initscripts/ from the
-source directory.
-
-6. If you enabled PAM, then copy the ./config/netatalk PAM file to
-/etc/pam.d/ or where ever your system puts the PAM configuration
-files.
-
-
-Configuring Netatalk
-====================
-
-Netatalk supplies two different types of Appletalk servers and both
-can run at the same time. Classic Appletalk requires afpd and
-atalkd. Appletalk over IP only requires afpd. Classic Appletalk on
-GNU/LInux requires that CONFIG_ATALK is compiled into the kernel or as
-a kernel module. To check to see if the kernel has Appletalk
-installed:
-
-$> dmesg | grep Apple
-This just parses the boot messages for any line containing
-'Apple'.
-
-To loaded as a module:
-$> lsmod
-
-If you don't find it, you may have to compile a kernel and turn on
-Appletalk in Networking options -> Appletalk DDP. You have an option
-to install as a module or directly into the kernel.
-
-Some default distribution kernels have already compiled Appletalk DDP
-as a module, you may have to edit your /etc/modules.conf to include:
-"alias net-pf-5 appletalk ".
-
-Note: check your distribution documentation about editing
-/etc/modules.conf.
-
-For more complete information about the Linux kernel see the
-Kernel-HOWTO:
-http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html
-
-
-1. /etc/atalk/afpd.conf
-Edit /etc/atalk/afpd.conf as required. Some options:
-
-Format:
-- [options] to specify options for the default server
-and/or
- "Server name" [options] to specify an additional server
-
-The following options are available:
-
-Transport Protocols:
- -[no]tcp Make AFP-over-TCP [not] available
- -[no]ddp Make AFP over AppleTalk [not] available. if you have
- -proxy specified, specify -uamlist "" to prevent ddp
- connections from working.
- -transall Make both available (default)
-
-Transport Options:
- -ipaddr <w.x.y.z>
- Specifies the IP address the server should
- respond to (default is the first IP address of the system). This
- option also allows one machine to advertise TCP/IP for another machine.
- -server_quantum <number>
- Specifies the DSI server quantum. The minimum
- value is 1MB. The max value is 0xFFFFFFFF. If you specify a value that
- is out of range, you'll get the default value (currently the
- minimum).
- -admingroup <groupname>
- Specifies the group of administrators who should all
- be seen as the superuser when they log in. Default
- is disabled.
- -ddpaddr x.y Specifies the DDP address of the server. the default
- is to auto-assign an address (0.0). this is only
- useful if you're running on a multihomed host.
- -port <number> Specifies the TCP port the server should
- respond to (default is 548)
- -fqdn <name:port> Specify a fully-qualified domain name
- (+optional port). this gets discarded if the
- server can't resolve it. this is not honored
- by appleshare clients <= 3.8.3 (default: none)
- -proxy Run an AppleTalk proxy server for specified AFP/TCP
- server (if address/port aren't given, then first IP
- address of the system/548 will be used). if you don't
- want the proxy server to act as a ddp server as well,
- set -uamlist to an empty string.
-
-Authentication Methods:
- -uampath <path> Use this path to look for User Authentication
- Modules. (default: /etc/atalk/uams)
- -uamlist <a,b,c> Comma-separated list of UAMs. (default:
- uams_guest.so,uams_clrtxt.so,uams_dhx.so)
-
- Some Common UAMs
- uams_guest.so: Allow guest logins
-
- uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
- Allow logins with passwords transmitted in the clear.
-
- uams_randnum.so: Allow Random Number and Two-Way Random Number
- exchange for authentication.
-
- uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
- Allow Diffie-Hellman eXchange (DHX) for authentication.
-
-Password Options:
- -[no]savepassword [Don't] Allow clients to save password locally
- -passwdfile <path> Use this path to store Randnum
- passwords. (default: ~/.passwd. the only other
- useful value is /etc/atalk/afppasswd.)
- -passwdminlen <#> Minimum password length. may be ignored.
- -[no]setpassword [Don't] Allow clients to change their passwords.
- -loginmaxfail <#> Maximum number of failed logins. this may be
- ignored if the uam can't handle it.
-
-AppleVolumes files:
- -defaultvol <path> Specifies path to AppleVolumes.default file
- (default /etc/atalk/AppleVolumes.default, same
- as -f on command line)
- -systemvol <path> Specifies path to AppleVolumes.system file
- (default /etc/atalk/AppleVolumes.system, same
- as -s on command line)
- -[no]uservolfirst [Don't] read the user's ~/AppleVolumes or
- ~/.AppleVolumes before reading
- /etc/atalk/AppleVolumes.default (same as -u on
- command line)
- -[no]uservol [Don't] Read the user's volume file
-
- -nlspath <path> Prepend this path to each code page filename in volume
- options (default: /etc/atalk/nls).
-
-Miscellaneous:
- -guestname "user" Specifies the user name for the guest login
- (default "nobody", same as -g on command line)
- -loginmesg "Message" Client will display "Message" upon logging in
- (no default, same as -l "Message" on
- command-line)
- -nodebug Switch off debugging
- -tickleval <number> Specify the tickle timeout interval (in seconds)
- -icon Use the platform-specific icon.
-
-An example:
-"Lance" -transall -uamlist uams_dhx.so -nosavepassword -setpassword
-"Lance" is the server name, I enable both TCP and DDP,
-all logins via DHX (requires AppleShare 3.8.6), the users cannot save
-the password with keychains and it allows the users to set their
-passwords.
-
-With no afpd.conf the default is:
-
-- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so
--nosavepassword
-
-No server name, allow afp over tcp and afp over AppleTalk , allow
-guest access, logins in clear text and DHX, don't allow the user to
-save the password.
-
-2. /etc/atalk/atalkd.conf
-
-Classic Appletalk is configured in atalkd.conf. For detailed
-information please reference
-
-http://www.neon.com/atalk_routing.html and
-http://www-commeng.cso.uiuc.edu/docs/appletalk/
-
-The whole point of seting up atalkd is to allow appletalk routing to
-the localhost as a file and print server. The atalkd.conf file sets up
-the appletalk routing by assigning Appletalk zone (or zones)
-information to the networks it is attached to.
-
-Within appletalk there are three different types of routers: seed,
-nonseed and soft seed.
-
-Seed publishes the network and zone information to the network. In the
-case of a conflict, this router takes precedence. Nonseed acts as a
-forwarder in that all network and zone information for it's network
-segment is pulled from an upstream router. A soft seed router is
-configured like a seed router, but will defer and use upstream seeded
-zone information if there is a conflict.
-
-Netatalk has the option to behave like a nonseed router or a soft seed
-router. Netatalk will defer to an upstream seed if there is a
-conflict. Any missing configurations will be filled from the network.
-
-Appletalk phases are of two types. The unused, unsupported, obsolete
-phase 1, or the new useful phase 2.
-
-Phase 1 was Apples original protocol for Appletalk over Ethernet. It
-treated an entire network segment as one appletalk network capable of
-holding 254 nodes. Don't use this.
-
-Phase 2 is the new version. It allows a configurable network range
-between the numbers 1 and 65279, each network capable of hosting 253
-nodes for a total of 16, 515, 587 Appletalk interfaces. That's a lot
-of iMacs. :-)
-
-Within an Appletalk network addressing is a Network:Node:Socket
-triplet. The socket number is general dropped because nothing uses the
-information.
-
-Using ethernet and phase 2 the network number can be singular, '1' or
-a range 1-20. Node assignment is the responsibility of the clients so
-you don't have to worry about it. The range of 65280-65534 is called
-the startup range and is used by the Mac when it is on a network
-without any routers, you probably shouldn't publish a network withing
-this range. If you're publishing to a LocalTalk network segment
-(Hello? Welcome to Y2K. :) your maximum network range is _one_
-network.
-
-Zone's must be less then 32 characters long.
-
-Format of lines in this file:
- interface [ -seed ] [ -router | -dontroute ]
- [ -phase { 1 | 2 } ] [ -addr net.node ]
- [ -net first[-last] ] [ -zone ZoneName ] ...
-
- interface: the interface that is publishing the appletalk server. eth0
-
- -seed - requires two interfaces. The router is acting as a
- bridge between the two networks. A soft seed router.
-
- -router - only requires one interface.
-
- -dontroute - don't publish routing information
-
- -addr this machines network.node address.
-
-Examples:
-
-eth0
- - Appletalk network is off eth0, no routing information
-published, get it all off the network.
-
-eth0 -router -phase 2 -addr 100.10 -net 100-110 -zone "Upstairs"
-- Appletalk network is off eth0, this server is not a bridge, it
-publishes zone information for Networks 100-110. The servers appletalk
-node address is node 10 of network 100. This zone is called Upstairs.
-
-eth0 -phase 2
-eth1 -seed -phase 2 -addr 100.10 -net 100-110 -zone "Upstairs"
-- This allows routing between the appletalk networks on eth0 and eth1,
-for eth1 this server acts as a soft seed router of a phase 2 network
-segment of 100-110 where this machine is 100.10
-
-3. /etc/atalk/papd.conf
-
-To be written by someone who actully uses the print server. :)
-
-4. /etc/atalk/netatalk.conf
-
-To be written.
-
+++ /dev/null
-$Id: README,v 1.1 2001-03-06 19:32:48 lancel Exp $
-
-This is the README file for netatalk.
-
-Contents:
- o A Brief Description
- o Building & Installing
- o Getting Help
-
-netatalk is an implementation of the AppleTalk Protocol Suite. The
-current release contains support for EtherTalk Phase I and II, DDP,
-RTMP, NBP, ZIP, AEP, ATP, PAP, ASP, and AFP. The complete stack looks
-like this on a BSD-derived system:
-
- AFP
- |
- ASP PAP
- \ /
- ATP RTMP NBP ZIP AEP
- | | | | |
- -+---------------------------------------------------+- (kernel boundary)
- | Socket |
- +-----------------------+------------+--------------+
- | | TCP | UDP |
- | DDP +------------+--------------+
- | | IP |
- +-----------------------+---------------------------+
- | Network-Interface |
- +---------------------------------------------------+
-
-DDP is in the kernel. "atalkd" implements RTMP, NBP, ZIP, and AEP. It
-is the AppleTalk equivalent of Unix "routed". There is also a
-client-stub library for NBP. ATP and ASP are implemented as
-libraries. "papd" allows Macs to spool to "lpd", and "pap" allows Unix
-machines to print to AppleTalk connected printers. "psf" is a
-PostScript printer filter for "lpd", designed to use "pap". "psorder"
-is a PostScript reverser, called by "psf" to reverse pages printed to
-face-up stacking printers. "afpd" provides Macs with an interface to
-the Unix file system. Refer to the appropriate man pages for
-operational information.
-
-netatalk runs on five operating systems:
-
- OS Versions Hardware Notes
- -- -------- -------- -----
- Solaris 2.5 Sparc
- Linux 1.3.x,2.x PC
- FreeBSD 2.2-current PC after 12 Sept 96
- SunOS 4.1+ Sparc kernel must have VDDRV
- option installed
- Ultrix 4.[1-4] 3100,5000
-
-Instructions for installing the kernel portions of netatalk and system
-dependent FAQs are in the README file for your system, e.g.
-INSTALL/README.SUNOS, INSTALL/README.ULTRIX.
-
-Building netatalk (versions up to 1.4b2+asun2.1.4):
-
-0. To build afpd for use with an AFS filesystem, first follow the
- instructions in INSTALL/README.AFS, then complete these
- instructions.
-
-1. Set DESTDIR in the root Makefile. DESTDIR is the directory below
- which all binaries will be installed. Setting it causes all
- installation-relative pathnames to be set correctly. You may also
- wish to set MANDIR. (If you do not want all binaries to go under
- DESTDIR, you can instead set SBINDIR, BINDIR, ETCDIR, and LIBDIR,
- to control the locations of the individual sections.)
-
-2. When you've completed the configuration, type "make" at the root of
- the source. This will make all binaries.
-
-Building netatalk (1.5 and up):
-
-0. Be sure to have the following utilities installed before attemping
- to build netatalk (*=required, +=optional):
- * GNU autoconf
- * GNU automake
- * GNU libtool
- * GCC or another ANSI C compliant compiler
- + OpenSSL or another SSL library to enable crypto support
- + tcp_wrappers to enable IP filtering support
-
-1. Run "./configure --help" to give a list of all of the available
- configuration options. You can then use "./configure (options)" to
- generate the build structure for netatalk. This system will
- automatically determine many things about your system to aid in the
- build process.
-
-2. Type "make all" at the root of the source to build everything.
-
-Installing netatalk (versions up to 1.4b2+asun2.1.4):
-
-1. To install the binaries, type "make install" at the root of the
- source tree. This will install all of the binaries.
-
-2. Sample config files for the daemons are in the config directory,
- e.g. config/AppleVolumes.system. Install these files, or a version
- of these files, in ETCDIR (as distributed DESTDIR/etc), e.g.
- ETCDIR/AppleVolumes.system. See the daemon's man page for a
- description of it's configuration file.
-
-3. psf uses the script SBINDIR/etc2ps to convert anything it
- doesn't understand to PostScript. If you have a troff or dvi to
- PostScript filter on your machine, you might wish to edit etc2ps,
- to use your locally installed PostScript utilities.
-
-4. Add the contents of services.atalk to your /etc/services database.
- If you're using NIS (YP), add the contents of services.atalk to the
- NIS master's maps and push them.
-
-5. The file rc.atalk is installed in ETCDIR. It should be called
- from your /etc/rc file, e.g. "sh ETCDIR/rc.atalk". For more
- information on what this script does, read the man pages for the
- appropriate commands.
-
-Installing netatalk (1.5 and up):
-
-1. Type "make install" or "make install-strip" to install binaries on
- the system. To install in a "fake" tree (like installing all /etc
- files in /var/tmp/tree/etc and all /usr files in /var/tmp/tree/usr),
- use "make DESTDIR=(path) install" or "make DESTDIR=(path) install-strip".
-
-2. Add the contents of services.atalk to your /etc/services database.
- If you're using NIS (YP), add the contents of services.atalk to the
- NIS master's maps and push them.
-
-Please read the FAQ for netatalk if you are having problems
-
-You might be interested in looking at the netatalk home page at
-http://www.umich.edu/~rsug/netatalk, which contains netatalk information
-up to version 1.4b2. It has an archive of patches, trouble shooting
-hints, and some links to other netatalk and file service related sites.
-
-For more recent information on netatalk, visit the homepage at
-http://netatalk.sourceforge.net/
-
-Development is currently carried out on the netatalk-devel list on
-sourceforge (netatalk-devel@lists.sourceforge.net).
-
-You may wish to join the netatalk-admins@umich.edu (moderated) mailing
-list. It carries announcements of new releases and general
-discussion. You can join (or resign from) this list by sending mail to
-netatalk-admins-request@umich.edu. Submissions (NOT requests to join
-or resign) to this list should be sent to netatalk-admins@umich.edu.
-
-Research Systems Unix Group
-The University of Michigan netatalk@umich.edu
-c/o Wesley Craig +1-313-764-2278
-535 W. William St.
-Ann Arbor, Michigan
-48103-4943
-
-Amended 07 Feb 2001 jeff b <jefF@univrel.pr.uconn.edu>
+++ /dev/null
-this version of netatalk represents changes i have made to incorporate
-AFP 2.2 (AppleShare TCP/IP) support. it is based upon 1.4b2 and is not
-currently supported by umich. i hope to eventually get it incorporated
-into a future version.
-
-i hope you find this code useful. as such, i am releasing my changes
-under a copyright similar to the rest of the netatalk code.
-
-i would appreciate users of my patches letting me know of any problems
-or difficulties they have with it. i can only tested it on a limited
-number of machines. as a result, improved compatability and fixes can
-only come if i hear of problems. you can find my patches at
-<ftp://ftp.cobaltnet.com/pub/users/asun>.
-
-the patches currently include the following features:
- AFP/TCP
- 64-bit clean
- large volume support -- you'll need at least 3.7.2seed3
- and os > 7.6.1 for this to to be used.
-
- If your compiler can't generate 64-bit
- ints, you'll need to disable this
- feature. add -DNO_LARGE_VOL_SUPPORT to
- the DEFS line in your system's
- Makefile. NOTE: gcc can generate
- 64-bit ints.
-
- ADDITIONAL NOTE: gcc sometimes has
- problems with 64-bit ints. i already
- have a workaround in the code to deal
- with this issue.
-
- server messages -- at this point, there is no mechanism to send
- an arbitrary server message.
-
- all of AFP 2.2. All of AFP 2.1 except for FPCatSearch is
- is implemented if fixed id support is compiled in.
-
- tcp wrapper support. if TCPWRAPDIR is uncommented in the
- main Makefile, tcp wrapper support will get built.
- i recommend building w/ it to enable host restrictions.
-
- a number of bug fixes (SO_BROADCAST, server info, file/dir
- case insensitive comparisons, and more probably)
-
- working quota support for linux and bsd4.4. nfs rquota support
- is also available. it hasn't been extensively tested on all
- the platforms yet. NOTE: there's bug in the linux kernel code
- pre-2.2.8 and pre-2.0.37 that prevents quota support from working
- properly under linux.
-
- you can now specify server options in an afpd.conf file. it's
- pretty useless unless you want to start multiple servers up.
- anyways, look at config/afpd.conf to see what's available.
- in addition, you can use kill -HUP to force a re-read of
- afpd.conf. as the first kill -HUP turns off connections,
- you'll have to send another one to force a re-read.
-
- i've also merged a slightly modified version of redhat's pam
- patches. you need to make sure that the PAMDIR entry in the main
- Makefile is uncommented and pointing to the right directory for
- this to work. in case you don't know what pam is, it stands for
- pluggable authentication modules. for more information, here's
- a web page: <http://www.redhat.com/linux-info/pam/>
-
- i've merged in <shirsch@ibm.net>'s apple II ProDOS support.
-
- i've added Randnum and 2-Way Randnum support. part of the code is
- compliments of<shirsch@ibm.net>. as afp doesn't do the
- fallback thing in case of failure, Randnum and 2-Way Randnum
- are only available via afpd.conf. To get them to work, each
- user must have a ~/.passwd file (not read-/writeable by anyone
- else) with a password. this is a potential security problem as
- root can read the password. this may be compensated, to some
- extent, by the fact that your password never goes onto the wire
- when mounting a volume.
-
- NOTE: you will need to get a copy of the des library if you
- don't already have one for this option to work. i got mine
- from <ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz>
-
- A Diffie-Hellman-based UAM is also available. This requires
- libcrypto from either the SSLeay package (available at the
- above site) or OpenSSL (ftp.openssl.org).
-
- ADDITIONAL NOTE: the absence of a /dev/urandom or running out
- of entropy will result a non truly-random number being used as
- the challenge. you have been warned. for all intents and
- purposes, however, linux' /dev/urandom should provide a
- sufficiently random number to be considered secure even when
- the entropy pool gets drained. it certainly does a much better
- job than gettimeofday(); random().
-
- the bad file descriptor bug should now be fixed. thanks to
- bsmith@h-e.com for tracking this down.
-
- this patchset should not have a problem with "dancing icons."
- if you are still having a problem with this, it's highly
- likely that files in your .AppleDouble directory have gotten
- corrupted.
-
- you can now login in with your "real" user name as specified
- in your password entry. if you don't want to do this, just add
- -DNO_REAL_USER_NAME to your DEFS line.
-
- byte locks should now work. if you want to enable the old way
- of doing things, add -DUSE_FLOCK_LOCKS.
-
- you can now specify whether or not you want uservolume files
- to be read. add -nouservol to afpd.conf if you don't want user-
- specified .AppleVolumes files to be read.
-
- afpd now will report the number of kilobytes read/written during
- a session (from the server's perspective).
-
- i have merged against netatalk-990130. this includes an
- improved STREAMS driver and some changes to libatalk. the
- STREAMS driver still doesn't do setsockopt correctly, but it's
- supposed to be much more stable. contact the folks at umich if
- you have questions about it.
-
- fixed a problem with sys/netatalk/ddp_input.c reported by
- <abs@anim.dreamworks.com>.
-
- AppleVolumes.* now has many more configuration options. You
- can specify newline translation (crlf) on a per-volume basis,
- utilize a codepage translation file for compatibility with
- other file serving programs, and restrict access to particular
- volumes. Please read config/AppleVolumes.default for more
- information.
-
-platforms compiled on:
- linux/intel,sparc
- linux/axp
- *bsd
- sunos4.1.4/sparc
- ultrix/mips
- solaris 2.5.x, 2.6, and 2.7.
-
-problems with appletalk:
- certain ethernet card/drivers don't deal well with the fact
- that appletalk aggressively uses hardware multicast. here are
- a few ones that may cause problems:
- ne2000 clones
- 3Com501 cards (maybe others)
- intel etherexpress/pro
- set multicast_filter_limit=3 in linux if you're having
- problems with this card. to do that, add the following
- line to /etc/conf.modules:
- options eepro100 multicast_filter_limit=3
-
-Acknowledgements:
- i would like to thank leland wallace at apple for a lot of
- helpful advice on interpreting the appleshare ip documentation.
-
- i would also like to thank the numerous people who have helped
- test this program. they greatly improved the compatability of
- the code.
-
- REALM Information provided financial support for the
- AppleDouble v2 and CNID database work.
-
-adrian sun
-asun@cobaltnet.com
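Review bot: The security caveats for the Randnum and DHX UAMs in this removed file (the per-user ~/.passwd that root can read, and the non-random challenge used when /dev/urandom is absent or out of entropy) do not appear in the re-added FAQ or installation text shown here. Confirm that this file is re-added elsewhere in the commit, or move those notes next to the UAM descriptions in the installation document. The same applies to the recommendation to build with tcp wrapper support "to enable host restrictions".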
--- /dev/null
+Netatalk Frequently Asked Questions
+($Id: FAQ,v 1.1 2001-03-06 23:20:25 lancel Exp $)
+
+Compilation -----------------------------------------------------------------
+
+Installation ----------------------------------------------------------------
+
+Execution -------------------------------------------------------------------
+
+Q: I get a "socket: Invalid argument" error when trying to start netatalk
+ under Linux. What is causing this?
+A: The "appletalk" and "ipddp" kernel modules have to be installed under
+ linux for netatalk to function. The appletalk module can be automatically
+ loaded by adding the line "alias net-pf-5 appletalk" to the
+ /etc/modules.conf file. Issuing the command "modprobe (module)" will
+ load the module for the current session.
+
+Q: netatalk works over Appletalk, but my IP connections are refused, even
+ though I have enabled them in the configuration files.
+A: If tcp_wrappers support is compiled into netatalk, access has to be
+ granted in /etc/hosts.allow for netatalk to successfully accept IP
+ connections. This can be done by the addition of the line:
+ afpd: 127. xxx.xxx.xxx. (whatever other subnets)
+
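Review bot: The hosts.allow example at the end of the second answer cannot be copied as written, because "afpd: 127. xxx.xxx.xxx. (whatever other subnets)" puts a real prefix, a placeholder and a parenthetical comment on one line. Suggest giving the rule on its own line with a clearly marked placeholder prefix. The answer should also say that a refusal only occurs when /etc/hosts.deny matches afpd, since tcp_wrappers allows a connection that neither file matches. Two smaller points: the Compilation and Installation headings have no entries, and the first answer names both the appletalk and ipddp modules but gives the modules.conf alias only for appletalk.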
--- /dev/null
+Installation and Configuration of Netatalk 1.5
+Lance Levsen, l.levsen@printwest.com
+V0.2, 02 March 2001
+
+
+Prerequisites
+=============
+
+1. Libtool (only needed by developers)
+Libtool encapsulates the platform specific dependencies for the
+creation of libraries. It determines if the local platform can support
+shared libraries or if it only supports static libraries.
+
+Documentation: http://www.gnu.org/software/libtool/
+Program: (see the GNU mirrors) /gnu/libtool/libtool-1.3.5.tar.gz
+
+2. GNU m4 (only needed by developers)
+GNU m4 is an implementation of the Unix macro processor. It reads
+stdin and copies to stdout expanding defined macros as it processes
+the text.
+
+Documentation: http://www.gnu.org/software/m4/
+Program: (see the GNU mirrors) /gnu/m4/m4-1.4.tar.gz
+
+3. Autoconf
+Autoconf is a package of m4 macros that produce shell scripts to
+configure source code packages.
+
+Documentation: http://www.gnu.org/software/autoconf/
+Program: (see the GNU mirrors) /gnu/autoconf/autoconf-2-13.tar.gz
+
+4. Automake
+Automake is a tool that generates 'Makefile.in' files.
+
+Documentation: http://www.gnu.org/software/automake/
+Program: (see the GNU mirrors) /gnu/automake/auto-1.4.tar.gz
+
+Optional
+========
+5. OpenSSL
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing
+the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
+v1) protocols as well as a full-strength general purpose cryptography
+library.
+This is required to enable DHX login support.
+
+Get everything at http://www.openssl.org/
+
+
+You can get the Linux PAM documentation and sources from
+http://www.kernel.org/pub/linux/libs/pam/
+
+6. TCP Wrappers
+Wietse Venema's network logger, also known as TCPD or LOG_TCP. These
+programs log the client host name of incoming telnet, ftp, rsh,
+rlogin, finger etc. requests. Security options are: access control per
+host, domain and/or service; detection of host name spoofing or host
+address spoofing; booby traps to implement an early-warning system.
+
+TCP Wrappers can be gotten at ftp://ftp.porcupine.org/pub/security/
+
+7. PAM (Pluggable Authentication Modules for Linux)
+Linux-PAM is a suite of shared libraries that enable the local system
+administrator to choose how applications authenticate users.
+
+Information on Linux-PAM can be retrieved from
+http://kernel.stuph.org/pub/linux/libs/pam/
+
+Installing Netatalk
+===================
+
+1. Read the configure options.
+$> ./configure --help
+
+This prints a listing of the command line options for configure to
+use. Notables are:
+
+--disable-admin-group: disable admin group (default on),
+
+--disable-ddp: disable DDP support,
+
+--enable-dropkludge: enable the experimental dropbox fix (INSECURE!)
+
+ --with-pam: enable password authentication modules support,
+
+--with-shadow: enable shadow password support,
+
+--with-tcp-wrappers: enable TCP wrappers support
+
+--with-ssl-dirs=[PATH]: specify path to OpenSSL installation.
+NOTE: This is dependent on the same directory layout as the source
+distribution of Openssl. That is: ./include/ and ./lib/ to be on the
+same level. Many .rpm formats do not have their files laid out in this
+format.
+
+--enable-lastdid: Recreate version 37b behaviour where directory id's
+are incrementally calculated versus the new hash method. Unfortunately
+for machines that have a lot of devices, and/or a lot of inodes the
+hash can fail with multiple directories resolving to the same DID.
+
+Enable/Disable the desired options like this:
+$>./configure --option1 --option2 ....
+
+2. Assuming ./configure worked well,
+$> make (as root or sudo)
+
+3. Assuming the program compiled without errors,
+$> make install (as root or sudo)
+
+Assuming you haven't changed the install directories, this will
+install the configutation files in /etc/atalk. The uams in
+/etc/atalk/uams. The binaries will be in /usr/sbin/.
+
+4. Configure Netatalk (See below 'Configuring Netatalk')
+The default location for the configuration files is /etc/atalk/.
+
+5. Setup your rc script so that Netatalk is started on boot.
+You can find sample initscripts in ./distrib/initscripts/ from the
+source directory.
+
+6. If you enabled PAM, then copy the ./config/netatalk PAM file to
+/etc/pam.d/ or where ever your system puts the PAM configuration
+files.
+
+
+Configuring Netatalk
+====================
+
+Netatalk supplies two different types of Appletalk servers and both
+can run at the same time. Classic Appletalk requires afpd and
+atalkd. Appletalk over IP only requires afpd. Classic Appletalk on
+GNU/LInux requires that CONFIG_ATALK is compiled into the kernel or as
+a kernel module. To check to see if the kernel has Appletalk
+installed:
+
+$> dmesg | grep Apple
+This just parses the boot messages for any line containing
+'Apple'.
+
+To loaded as a module:
+$> lsmod
+
+If you don't find it, you may have to compile a kernel and turn on
+Appletalk in Networking options -> Appletalk DDP. You have an option
+to install as a module or directly into the kernel.
+
+Some default distribution kernels have already compiled Appletalk DDP
+as a module, you may have to edit your /etc/modules.conf to include:
+"alias net-pf-5 appletalk ".
+
+Note: check your distribution documentation about editing
+/etc/modules.conf.
+
+For more complete information about the Linux kernel see the
+Kernel-HOWTO:
+http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html
+
+
+1. /etc/atalk/afpd.conf
+Edit /etc/atalk/afpd.conf as required. Some options:
+
+Format:
+- [options] to specify options for the default server
+and/or
+ "Server name" [options] to specify an additional server
+
+The following options are available:
+
+Transport Protocols:
+ -[no]tcp Make AFP-over-TCP [not] available
+ -[no]ddp Make AFP over AppleTalk [not] available. if you have
+ -proxy specified, specify -uamlist "" to prevent ddp
+ connections from working.
+ -transall Make both available (default)
+
+Transport Options:
+ -ipaddr <w.x.y.z>
+ Specifies the IP address the server should
+ respond to (default is the first IP address of the system). This
+ option also allows one machine to advertise TCP/IP for another machine.
+ -server_quantum <number>
+ Specifies the DSI server quantum. The minimum
+ value is 1MB. The max value is 0xFFFFFFFF. If you specify a value that
+ is out of range, you'll get the default value (currently the
+ minimum).
+ -admingroup <groupname>
+ Specifies the group of administrators who should all
+ be seen as the superuser when they log in. Default
+ is disabled.
+ -ddpaddr x.y Specifies the DDP address of the server. the default
+ is to auto-assign an address (0.0). this is only
+ useful if you're running on a multihomed host.
+ -port <number> Specifies the TCP port the server should
+ respond to (default is 548)
+ -fqdn <name:port> Specify a fully-qualified domain name
+ (+optional port). this gets discarded if the
+ server can't resolve it. this is not honored
+ by appleshare clients <= 3.8.3 (default: none)
+ -proxy Run an AppleTalk proxy server for specified AFP/TCP
+ server (if address/port aren't given, then first IP
+ address of the system/548 will be used). if you don't
+ want the proxy server to act as a ddp server as well,
+ set -uamlist to an empty string.
+
+Authentication Methods:
+ -uampath <path> Use this path to look for User Authentication
+ Modules. (default: /etc/atalk/uams)
+ -uamlist <a,b,c> Comma-separated list of UAMs. (default:
+ uams_guest.so,uams_clrtxt.so,uams_dhx.so)
+
+ Some Common UAMs
+ uams_guest.so: Allow guest logins
+
+ uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
+ Allow logins with passwords transmitted in the clear.
+
+ uams_randnum.so: Allow Random Number and Two-Way Random Number
+ exchange for authentication.
+
+ uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
+ Allow Diffie-Hellman eXchange (DHX) for authentication.
+
+Password Options:
+ -[no]savepassword [Don't] Allow clients to save password locally
+ -passwdfile <path> Use this path to store Randnum
+ passwords. (default: ~/.passwd. the only other
+ useful value is /etc/atalk/afppasswd.)
+ -passwdminlen <#> Minimum password length. may be ignored.
+ -[no]setpassword [Don't] Allow clients to change their passwords.
+ -loginmaxfail <#> Maximum number of failed logins. this may be
+ ignored if the uam can't handle it.
+
+AppleVolumes files:
+ -defaultvol <path> Specifies path to AppleVolumes.default file
+ (default /etc/atalk/AppleVolumes.default, same
+ as -f on command line)
+ -systemvol <path> Specifies path to AppleVolumes.system file
+ (default /etc/atalk/AppleVolumes.system, same
+ as -s on command line)
+ -[no]uservolfirst [Don't] read the user's ~/AppleVolumes or
+ ~/.AppleVolumes before reading
+ /etc/atalk/AppleVolumes.default (same as -u on
+ command line)
+ -[no]uservol [Don't] Read the user's volume file
+
+ -nlspath <path> Prepend this path to each code page filename in volume
+ options (default: /etc/atalk/nls).
+
+Miscellaneous:
+ -guestname "user" Specifies the user name for the guest login
+ (default "nobody", same as -g on command line)
+ -loginmesg "Message" Client will display "Message" upon logging in
+ (no default, same as -l "Message" on
+ command-line)
+ -nodebug Switch off debugging
+ -tickleval <number> Specify the tickle timeout interval (in seconds)
+ -icon Use the platform-specific icon.
+
+An example:
+"Lance" -transall -uamlist uams_dhx.so -nosavepassword -setpassword
+"Lance" is the server name, I enable both TCP and DDP,
+all logins via DHX (requires AppleShare 3.8.6), the users cannot save
+the password with keychains and it allows the users to set their
+passwords.
+
+With no afpd.conf the default is:
+
+- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so
+-nosavepassword
+
+No server name, allow afp over tcp and afp over AppleTalk , allow
+guest access, logins in clear text and DHX, don't allow the user to
+save the password.
+
+2. /etc/atalk/atalkd.conf
+
+Classic Appletalk is configured in atalkd.conf. For detailed
+information please reference
+
+http://www.neon.com/atalk_routing.html and
+http://www-commeng.cso.uiuc.edu/docs/appletalk/
+
+The whole point of seting up atalkd is to allow appletalk routing to
+the localhost as a file and print server. The atalkd.conf file sets up
+the appletalk routing by assigning Appletalk zone (or zones)
+information to the networks it is attached to.
+
+Within appletalk there are three different types of routers: seed,
+nonseed and soft seed.
+
+Seed publishes the network and zone information to the network. In the
+case of a conflict, this router takes precedence. Nonseed acts as a
+forwarder in that all network and zone information for it's network
+segment is pulled from an upstream router. A soft seed router is
+configured like a seed router, but will defer and use upstream seeded
+zone information if there is a conflict.
+
+Netatalk has the option to behave like a nonseed router or a soft seed
+router. Netatalk will defer to an upstream seed if there is a
+conflict. Any missing configurations will be filled from the network.
+
+Appletalk phases are of two types. The unused, unsupported, obsolete
+phase 1, or the new useful phase 2.
+
+Phase 1 was Apples original protocol for Appletalk over Ethernet. It
+treated an entire network segment as one appletalk network capable of
+holding 254 nodes. Don't use this.
+
+Phase 2 is the new version. It allows a configurable network range
+between the numbers 1 and 65279, each network capable of hosting 253
+nodes for a total of 16, 515, 587 Appletalk interfaces. That's a lot
+of iMacs. :-)
+
+Within an Appletalk network addressing is a Network:Node:Socket
+triplet. The socket number is general dropped because nothing uses the
+information.
+
+Using ethernet and phase 2 the network number can be singular, '1' or
+a range 1-20. Node assignment is the responsibility of the clients so
+you don't have to worry about it. The range of 65280-65534 is called
+the startup range and is used by the Mac when it is on a network
+without any routers, you probably shouldn't publish a network withing
+this range. If you're publishing to a LocalTalk network segment
+(Hello? Welcome to Y2K. :) your maximum network range is _one_
+network.
+
+Zone's must be less then 32 characters long.
+
+Format of lines in this file:
+ interface [ -seed ] [ -router | -dontroute ]
+ [ -phase { 1 | 2 } ] [ -addr net.node ]
+ [ -net first[-last] ] [ -zone ZoneName ] ...
+
+ interface: the interface that is publishing the appletalk server. eth0
+
+ -seed - requires two interfaces. The router is acting as a
+ bridge between the two networks. A soft seed router.
+
+ -router - only requires one interface.
+
+ -dontroute - don't publish routing information
+
+ -addr this machines network.node address.
+
+Examples:
+
+eth0
+ - Appletalk network is off eth0, no routing information
+published, get it all off the network.
+
+eth0 -router -phase 2 -addr 100.10 -net 100-110 -zone "Upstairs"
+- Appletalk network is off eth0, this server is not a bridge, it
+publishes zone information for Networks 100-110. The servers appletalk
+node address is node 10 of network 100. This zone is called Upstairs.
+
+eth0 -phase 2
+eth1 -seed -phase 2 -addr 100.10 -net 100-110 -zone "Upstairs"
+- This allows routing between the appletalk networks on eth0 and eth1,
+for eth1 this server acts as a soft seed router of a phase 2 network
+segment of 100-110 where this machine is 100.10
+
+3. /etc/atalk/papd.conf
+
+To be written by someone who actully uses the print server. :)
+
+4. /etc/atalk/netatalk.conf
+
+To be written.
+
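Review bot: Step 2 of "Installing Netatalk" tells the reader to run make "as root or sudo", but compiling should not need privileges; only the "make install" in step 3 writes to /etc/atalk and /usr/sbin. Suggest dropping "(as root or sudo)" from step 2 so the build runs as an ordinary user. Two smaller points in the same file: the "You can get the Linux PAM documentation and sources from" lines sit under "5. OpenSSL" and repeat item 7 with a different URL, so keep a single copy under item 7; and the "With no afpd.conf the default is" paragraph should say outright that the default -uamlist accepts guest and cleartext logins, and point to the "-uamlist uams_dhx.so" example above it for sites that want neither.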
--- /dev/null
+$Id: README,v 1.1 2001-03-06 23:20:25 lancel Exp $
+
+This is the README file for netatalk.
+
+Contents:
+ o A Brief Description
+ o Building & Installing
+ o Getting Help
+
+netatalk is an implementation of the AppleTalk Protocol Suite. The
+current release contains support for EtherTalk Phase I and II, DDP,
+RTMP, NBP, ZIP, AEP, ATP, PAP, ASP, and AFP. The complete stack looks
+like this on a BSD-derived system:
+
+ AFP
+ |
+ ASP PAP
+ \ /
+ ATP RTMP NBP ZIP AEP
+ | | | | |
+ -+---------------------------------------------------+- (kernel boundary)
+ | Socket |
+ +-----------------------+------------+--------------+
+ | | TCP | UDP |
+ | DDP +------------+--------------+
+ | | IP |
+ +-----------------------+---------------------------+
+ | Network-Interface |
+ +---------------------------------------------------+
+
+DDP is in the kernel. "atalkd" implements RTMP, NBP, ZIP, and AEP. It
+is the AppleTalk equivalent of Unix "routed". There is also a
+client-stub library for NBP. ATP and ASP are implemented as
+libraries. "papd" allows Macs to spool to "lpd", and "pap" allows Unix
+machines to print to AppleTalk connected printers. "psf" is a
+PostScript printer filter for "lpd", designed to use "pap". "psorder"
+is a PostScript reverser, called by "psf" to reverse pages printed to
+face-up stacking printers. "afpd" provides Macs with an interface to
+the Unix file system. Refer to the appropriate man pages for
+operational information.
+
+netatalk runs on five operating systems:
+
+ OS Versions Hardware Notes
+ -- -------- -------- -----
+ Solaris 2.5 Sparc
+ Linux 1.3.x,2.x PC
+ FreeBSD 2.2-current PC after 12 Sept 96
+ SunOS 4.1+ Sparc kernel must have VDDRV
+ option installed
+ Ultrix 4.[1-4] 3100,5000
+
+Instructions for installing the kernel portions of netatalk and system
+dependent FAQs are in the README file for your system, e.g.
+INSTALL/README.SUNOS, INSTALL/README.ULTRIX.
+
+Building netatalk (versions up to 1.4b2+asun2.1.4):
+
+0. To build afpd for use with an AFS filesystem, first follow the
+ instructions in INSTALL/README.AFS, then complete these
+ instructions.
+
+1. Set DESTDIR in the root Makefile. DESTDIR is the directory below
+ which all binaries will be installed. Setting it causes all
+ installation-relative pathnames to be set correctly. You may also
+ wish to set MANDIR. (If you do not want all binaries to go under
+ DESTDIR, you can instead set SBINDIR, BINDIR, ETCDIR, and LIBDIR,
+ to control the locations of the individual sections.)
+
+2. When you've completed the configuration, type "make" at the root of
+ the source. This will make all binaries.
+
+Building netatalk (1.5 and up):
+
+0. Be sure to have the following utilities installed before attemping
+ to build netatalk (*=required, +=optional):
+ * GNU autoconf
+ * GNU automake
+ * GNU libtool
+ * GCC or another ANSI C compliant compiler
+ + OpenSSL or another SSL library to enable crypto support
+ + tcp_wrappers to enable IP filtering support
+
+1. Run "./configure --help" to give a list of all of the available
+ configuration options. You can then use "./configure (options)" to
+ generate the build structure for netatalk. This system will
+ automatically determine many things about your system to aid in the
+ build process.
+
+2. Type "make all" at the root of the source to build everything.
+
+Installing netatalk (versions up to 1.4b2+asun2.1.4):
+
+1. To install the binaries, type "make install" at the root of the
+ source tree. This will install all of the binaries.
+
+2. Sample config files for the daemons are in the config directory,
+ e.g. config/AppleVolumes.system. Install these files, or a version
+ of these files, in ETCDIR (as distributed DESTDIR/etc), e.g.
+ ETCDIR/AppleVolumes.system. See the daemon's man page for a
+ description of it's configuration file.
+
+3. psf uses the script SBINDIR/etc2ps to convert anything it
+ doesn't understand to PostScript. If you have a troff or dvi to
+ PostScript filter on your machine, you might wish to edit etc2ps,
+ to use your locally installed PostScript utilities.
+
+4. Add the contents of services.atalk to your /etc/services database.
+ If you're using NIS (YP), add the contents of services.atalk to the
+ NIS master's maps and push them.
+
+5. The file rc.atalk is installed in ETCDIR. It should be called
+ from your /etc/rc file, e.g. "sh ETCDIR/rc.atalk". For more
+ information on what this script does, read the man pages for the
+ appropriate commands.
+
+Installing netatalk (1.5 and up):
+
+1. Type "make install" or "make install-strip" to install binaries on
+ the system. To install in a "fake" tree (like installing all /etc
+ files in /var/tmp/tree/etc and all /usr files in /var/tmp/tree/usr),
+ use "make DESTDIR=(path) install" or "make DESTDIR=(path) install-strip".
+
+2. Add the contents of services.atalk to your /etc/services database.
+ If you're using NIS (YP), add the contents of services.atalk to the
+ NIS master's maps and push them.
+
+Please read the FAQ for netatalk if you are having problems
+
+You might be interested in looking at the netatalk home page at
+http://www.umich.edu/~rsug/netatalk, which contains netatalk information
+up to version 1.4b2. It has an archive of patches, trouble shooting
+hints, and some links to other netatalk and file service related sites.
+
+For more recent information on netatalk, visit the homepage at
+http://netatalk.sourceforge.net/
+
+Development is currently carried out on the netatalk-devel list on
+sourceforge (netatalk-devel@lists.sourceforge.net).
+
+You may wish to join the netatalk-admins@umich.edu (moderated) mailing
+list. It carries announcements of new releases and general
+discussion. You can join (or resign from) this list by sending mail to
+netatalk-admins-request@umich.edu. Submissions (NOT requests to join
+or resign) to this list should be sent to netatalk-admins@umich.edu.
+
+Research Systems Unix Group
+The University of Michigan netatalk@umich.edu
+c/o Wesley Craig +1-313-764-2278
+535 W. William St.
+Ann Arbor, Michigan
+48103-4943
+
+Amended 07 Feb 2001 jeff b <jefF@univrel.pr.uconn.edu>
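Review bot: "Installing netatalk (1.5 and up)" stops after "make install" and the /etc/services step and never mentions the daemon configuration files or the startup script, both of which the pre-1.5 section covers in its steps 2 and 5. Suggest adding a step that points to the installation and configuration notes added in this patch, which describe /etc/atalk, the initscripts and the PAM file. In step 0 of "Building netatalk (1.5 and up)", "OpenSSL or another SSL library to enable crypto support" would be more useful if it named the feature that depends on it; the install notes in this patch tie OpenSSL to DHX login support. The Contents list also names three sections ("A Brief Description", "Building & Installing", "Getting Help") that have no matching headings in the body.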
--- /dev/null
+this version of netatalk represents changes i have made to incorporate
+AFP 2.2 (AppleShare TCP/IP) support. it is based upon 1.4b2 and is not
+currently supported by umich. i hope to eventually get it incorporated
+into a future version.
+
+i hope you find this code useful. as such, i am releasing my changes
+under a copyright similar to the rest of the netatalk code.
+
+i would appreciate users of my patches letting me know of any problems
+or difficulties they have with it. i can only tested it on a limited
+number of machines. as a result, improved compatability and fixes can
+only come if i hear of problems. you can find my patches at
+<ftp://ftp.cobaltnet.com/pub/users/asun>.
+
+the patches currently include the following features:
+ AFP/TCP
+ 64-bit clean
+ large volume support -- you'll need at least 3.7.2seed3
+ and os > 7.6.1 for this to to be used.
+
+ If your compiler can't generate 64-bit
+ ints, you'll need to disable this
+ feature. add -DNO_LARGE_VOL_SUPPORT to
+ the DEFS line in your system's
+ Makefile. NOTE: gcc can generate
+ 64-bit ints.
+
+ ADDITIONAL NOTE: gcc sometimes has
+ problems with 64-bit ints. i already
+ have a workaround in the code to deal
+ with this issue.
+
+ server messages -- at this point, there is no mechanism to send
+ an arbitrary server message.
+
+ all of AFP 2.2. All of AFP 2.1 except for FPCatSearch is
+ is implemented if fixed id support is compiled in.
+
+ tcp wrapper support. if TCPWRAPDIR is uncommented in the
+ main Makefile, tcp wrapper support will get built.
+ i recommend building w/ it to enable host restrictions.
+
+ a number of bug fixes (SO_BROADCAST, server info, file/dir
+ case insensitive comparisons, and more probably)
+
+ working quota support for linux and bsd4.4. nfs rquota support
+ is also available. it hasn't been extensively tested on all
+ the platforms yet. NOTE: there's bug in the linux kernel code
+ pre-2.2.8 and pre-2.0.37 that prevents quota support from working
+ properly under linux.
+
+ you can now specify server options in an afpd.conf file. it's
+ pretty useless unless you want to start multiple servers up.
+ anyways, look at config/afpd.conf to see what's available.
+ in addition, you can use kill -HUP to force a re-read of
+ afpd.conf. as the first kill -HUP turns off connections,
+ you'll have to send another one to force a re-read.
+
+ i've also merged a slightly modified version of redhat's pam
+ patches. you need to make sure that the PAMDIR entry in the main
+ Makefile is uncommented and pointing to the right directory for
+ this to work. in case you don't know what pam is, it stands for
+ pluggable authentication modules. for more information, here's
+ a web page: <http://www.redhat.com/linux-info/pam/>
+
+ i've merged in <shirsch@ibm.net>'s apple II ProDOS support.
+
+ i've added Randnum and 2-Way Randnum support. part of the code is
+ compliments of<shirsch@ibm.net>. as afp doesn't do the
+ fallback thing in case of failure, Randnum and 2-Way Randnum
+ are only available via afpd.conf. To get them to work, each
+ user must have a ~/.passwd file (not read-/writeable by anyone
+ else) with a password. this is a potential security problem as
+ root can read the password. this may be compensated, to some
+ extent, by the fact that your password never goes onto the wire
+ when mounting a volume.
+
+ NOTE: you will need to get a copy of the des library if you
+ don't already have one for this option to work. i got mine
+ from <ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz>
+
+ A Diffie-Hellman-based UAM is also available. This requires
+ libcrypto from either the SSLeay package (available at the
+ above site) or OpenSSL (ftp.openssl.org).
+
+ ADDITIONAL NOTE: the absence of a /dev/urandom or running out
+ of entropy will result a non truly-random number being used as
+ the challenge. you have been warned. for all intents and
+ purposes, however, linux' /dev/urandom should provide a
+ sufficiently random number to be considered secure even when
+ the entropy pool gets drained. it certainly does a much better
+ job than gettimeofday(); random().
+
+ the bad file descriptor bug should now be fixed. thanks to
+ bsmith@h-e.com for tracking this down.
+
+ this patchset should not have a problem with "dancing icons."
+ if you are still having a problem with this, it's highly
+ likely that files in your .AppleDouble directory have gotten
+ corrupted.
+
+ you can now login in with your "real" user name as specified
+ in your password entry. if you don't want to do this, just add
+ -DNO_REAL_USER_NAME to your DEFS line.
+
+ byte locks should now work. if you want to enable the old way
+ of doing things, add -DUSE_FLOCK_LOCKS.
+
+ you can now specify whether or not you want uservolume files
+ to be read. add -nouservol to afpd.conf if you don't want user-
+ specified .AppleVolumes files to be read.
+
+ afpd now will report the number of kilobytes read/written during
+ a session (from the server's perspective).
+
+ i have merged against netatalk-990130. this includes an
+ improved STREAMS driver and some changes to libatalk. the
+ STREAMS driver still doesn't do setsockopt correctly, but it's
+ supposed to be much more stable. contact the folks at umich if
+ you have questions about it.
+
+ fixed a problem with sys/netatalk/ddp_input.c reported by
+ <abs@anim.dreamworks.com>.
+
+ AppleVolumes.* now has many more configuration options. You
+ can specify newline translation (crlf) on a per-volume basis,
+ utilize a codepage translation file for compatibility with
+ other file serving programs, and restrict access to particular
+ volumes. Please read config/AppleVolumes.default for more
+ information.
+
+platforms compiled on:
+ linux/intel,sparc
+ linux/axp
+ *bsd
+ sunos4.1.4/sparc
+ ultrix/mips
+ solaris 2.5.x, 2.6, and 2.7.
+
+problems with appletalk:
+ certain ethernet card/drivers don't deal well with the fact
+ that appletalk aggressively uses hardware multicast. here are
+ a few ones that may cause problems:
+ ne2000 clones
+ 3Com501 cards (maybe others)
+ intel etherexpress/pro
+ set multicast_filter_limit=3 in linux if you're having
+ problems with this card. to do that, add the following
+ line to /etc/conf.modules:
+ options eepro100 multicast_filter_limit=3
+
+Acknowledgements:
+ i would like to thank leland wallace at apple for a lot of
+ helpful advice on interpreting the appleshare ip documentation.
+
+ i would also like to thank the numerous people who have helped
+ test this program. they greatly improved the compatability of
+ the code.
+
+ REALM Information provided financial support for the
+ AppleDouble v2 and CNID database work.
+
+adrian sun
+asun@cobaltnet.com
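Review bot: The "ADDITIONAL NOTE" under the Diffie-Hellman UAM says a missing /dev/urandom "will result a non truly-random number being used as the challenge" but never states what the fallback source is or how an administrator can tell it is in use; "you have been warned" is not enough for a login challenge. Suggest naming the fallback explicitly (the closing comparison with "gettimeofday(); random()" only hints at it), saying whether afpd logs when it is used, and advising that the DHX and Randnum UAMs be left out of -uamlist on hosts without /dev/urandom. The same note also says both that running out of entropy yields a non-random challenge and that /dev/urandom stays adequate when the pool is drained; one of the two statements should be reworded. Separately, the build toggles described here (TCPWRAPDIR, PAMDIR and the DEFS line in the main Makefile) belong to the 1.4b2-based tree named in the first paragraph, while the install notes in this patch use configure options such as --with-tcp-wrappers and --with-pam, so a line at the top stating which build system this file applies to would avoid confusion.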