experimental code added from Bob Rogers to generate more persistant DIDs

[netatalk.git] / doc / README.ASUN

this version of netatalk represents changes i have made to incorporate
AFP 2.2 (AppleShare TCP/IP) support. it is based upon 1.4b2 and is not
currently supported by umich. i hope to eventually get it incorporated
into a future version. 

i hope you find this code useful. as such, i am releasing my changes
under a copyright similar to the rest of the netatalk code. 

i would appreciate users of my patches letting me know of any problems
or difficulties they have with it. i can only tested it on a limited
number of machines. as a result, improved compatability and fixes can 
only come if i hear of problems. you can find my patches at
<ftp://ftp.cobaltnet.com/pub/users/asun>.

the patches currently include the following features:
        AFP/TCP
        64-bit clean
        large volume support -- you'll need at least 3.7.2seed3 
                                and os > 7.6.1 for this to to be used.

                                If your compiler can't generate 64-bit
                                ints, you'll need to disable this
                                feature. add -DNO_LARGE_VOL_SUPPORT to
                                the DEFS line in your system's
                                Makefile. NOTE: gcc can generate
                                64-bit ints.

                                ADDITIONAL NOTE: gcc sometimes has
                                problems with 64-bit ints. i already
                                have a workaround in the code to deal
                                with this issue.

        server messages -- at this point, there is no mechanism to send
                           an arbitrary server message. 

        all of AFP 2.2. All of AFP 2.1 except for FPCatSearch is 
                is implemented if fixed id support is compiled in.

        tcp wrapper support. if TCPWRAPDIR is uncommented in the
                main Makefile, tcp wrapper support will get built.
                i recommend building w/ it to enable host restrictions.

        a number of bug fixes (SO_BROADCAST, server info, file/dir
                case insensitive comparisons, and more probably)

        working quota support for linux and bsd4.4. nfs rquota support
        is also available. it hasn't been extensively tested on all
        the platforms yet. NOTE: there's bug in the linux kernel code 
        pre-2.2.8 and pre-2.0.37 that prevents quota support from working
        properly under linux.

        you can now specify server options in an afpd.conf file. it's
        pretty useless unless you want to start multiple servers up.
        anyways, look at config/afpd.conf to see what's available.
        in addition, you can use kill -HUP to force a re-read of
        afpd.conf. as the first kill -HUP turns off connections,
        you'll have to send another one to force a re-read.

        i've also merged a slightly modified version of redhat's pam
        patches. you need to make sure that the PAMDIR entry in the main
        Makefile is uncommented and pointing to the right directory for
        this to work. in case you don't know what pam is, it stands for
        pluggable authentication modules. for more information, here's
        a web page: <http://www.redhat.com/linux-info/pam/>

        i've merged in <shirsch@ibm.net>'s apple II ProDOS support. 

        i've added Randnum and 2-Way Randnum support. part of the code is
        compliments of<shirsch@ibm.net>. as afp doesn't do the
        fallback thing in case of failure, Randnum and 2-Way Randnum
        are only available via afpd.conf. To get them to work, each
        user must have a ~/.passwd file (not read-/writeable by anyone
        else) with a password. this is a potential security problem as
        root can read the password. this may be compensated, to some
        extent, by the fact that your password never goes onto the wire
        when mounting a volume.

        NOTE: you will need to get a copy of the des library if you
        don't already have one for this option to work. i got mine
        from <ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz>

        A Diffie-Hellman-based UAM is also available. This requires 
        libcrypto from either the SSLeay package (available at the
        above site) or OpenSSL (ftp.openssl.org).

        ADDITIONAL NOTE: the absence of a /dev/urandom or running out
        of entropy will result a non truly-random number being used as 
        the challenge. you have been warned. for all intents and
        purposes, however, linux' /dev/urandom should provide a
        sufficiently random number to be considered secure even when
        the entropy pool gets drained. it certainly does a much better
        job than gettimeofday(); random().
        
        the bad file descriptor bug should now be fixed. thanks to
        bsmith@h-e.com for tracking this down.

        this patchset should not have a problem with "dancing icons."
        if you are still having a problem with this, it's highly
        likely that files in your .AppleDouble directory have gotten
        corrupted.

        you can now login in with your "real" user name as specified
        in your password entry. if you don't want to do this, just add
        -DNO_REAL_USER_NAME to your DEFS line.

        byte locks should now work. if you want to enable the old way
        of doing things, add -DUSE_FLOCK_LOCKS.

        you can now specify whether or not you want uservolume files
        to be read. add -nouservol to afpd.conf if you don't want user-
        specified .AppleVolumes files to be read.

        afpd now will report the number of kilobytes read/written during
        a session (from the server's perspective).
        
        i have merged against netatalk-990130. this includes an
        improved STREAMS driver and some changes to libatalk. the
        STREAMS driver still doesn't do setsockopt correctly, but it's
        supposed to be much more stable. contact the folks at umich if
        you have questions about it.

        fixed a problem with sys/netatalk/ddp_input.c reported by
        <abs@anim.dreamworks.com>.
        
        AppleVolumes.* now has many more configuration options. You
        can specify newline translation (crlf) on a per-volume basis,
        utilize a codepage translation file for compatibility with
        other file serving programs, and restrict access to particular
        volumes. Please read config/AppleVolumes.default for more
        information.

platforms compiled on: 
        linux/intel,sparc
        linux/axp
        *bsd
        sunos4.1.4/sparc
        ultrix/mips
        solaris 2.5.x, 2.6, and 2.7. 

problems with appletalk: 
        certain ethernet card/drivers don't deal well with the fact
        that appletalk aggressively uses hardware multicast. here are
        a few ones that may cause problems:
            ne2000 clones
            3Com501 cards (maybe others)
            intel etherexpress/pro 
              set multicast_filter_limit=3 in linux if you're having
              problems with this card. to do that, add the following
              line to /etc/conf.modules: 
                 options eepro100 multicast_filter_limit=3

Acknowledgements:
        i would like to thank leland wallace at apple for a lot of
        helpful advice on interpreting the appleshare ip documentation.
 
        i would also like to thank the numerous people who have helped
        test this program. they greatly improved the compatability of
        the code.

        REALM Information provided financial support for the
        AppleDouble v2 and CNID database work.

adrian sun
asun@cobaltnet.com