# -uampath <path> Use this path to look for User Authentication Modules.
# (default: :UAMS_PATH:)
# -uamlist <a,b,c> Comma-separated list of UAMs. (default:
-# uams_guest.so,uams_clrtxt.so,uams_dhx.so)
+# uams_dhx.so,uams_dhx2.so)
#
# some commonly available UAMs:
# uams_guest.so: Allow guest logins
# Allow Diffie-Hellman eXchange
# (DHX) for authentication.
#
+# uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
+# Allow Diffie-Hellman eXchange 2
+# (DHX2) for authentication.
+#
# Password Options:
# -[no]savepassword [Don't] Allow clients to save password locally
# -passwdfile <path> Use this path to store Randnum
# "special" -notcp -defaultvol <path> -systemvol <path>
#
# default:
-# - -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
+# - -transall -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
ATALK_MAC_CHARSET='MAC_ROMAN'
ATALK_UNIX_CHARSET='LOCALE'
-# specify this if you don't want guest, clrtxt, and dhx
-# available options: uams_guest.so, uams_clrtxt.so, uams_dhx.so,
+# specify this if you don't want dhx and dhx2
+# available options: uams_guest.so, uams_clrtxt.so,
+# uams_dhx.so, uams_dhx2.so,
# uams_randnum.so
-#AFPD_UAMLIST="-U uams_clrtxt.so,uams_dhx.so"
+#AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"
# Change this to set the id of the guest user
AFPD_GUEST=nobody
#ATALK_ZONE=@zone
ATALK_NAME=`hostname|sed 's/\..*$//'`
-# specify this if you don't want guest, clrtxt, and dhx
-# available options: uams_guest.so, uams_clrtxt.so, uams_dhx.so,
+# specify this if you don't want dhx and dhx2
+# available options: uams_guest.so, uams_clrtxt.so,
+# uams_dhx.so, uams_dhx2.so,
# uams_randnum.so
-AFPD_UAMLIST="-U uams_clrtxt.so,uams_dhx.so"
+AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"
# Change this to set the id of the guest user
AFPD_GUEST=nobody
-afpd\[.*\]: ((dhx|cleartext) )?login: [[:alnum:]]+
+afpd\[.*\]: ((dhx|dhx2) )?login: [[:alnum:]]+
afpd\[.*\]: (server_child\[[[:digit:]]+\] [[:digit:]]+ )?(done|exited 1)
afpd\[.*\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
afpd\[.*\]: .*: Broken pipe
afpd\[.*\]: registering [[:alnum:]]+ \(uid [[:digit:]]+\) on [\.[:digit:]]+ as /.+/net[\.[:digit:]]+node[[:digit:]]+
afpd\[.*\]: session from [\.:[:digit:]]+ on [\.:[:digit:]]+
afpd\[.*\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)
+afpd\[.*\]: uams_dhx2_pam.c :PAM: PAM (Auth OK!|Success -- Success)
afpd\[.*\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+
atalkd\[.*\]: .*: Network is unreachable
atalkd\[.*\]: zip gnireply from [\.[:digit:]]+ \(.* [[:digit:]]\)
#
# Author: Thomas Kaiser <Thomas.Kaiser@phg-online.de>
#
-# Version: $Id: rc.atalk.debian.tmpl,v 1.1.4.1 2004-10-27 13:31:04 tkaiser Exp $
+# Version: $Id: rc.atalk.debian.tmpl,v 1.1.4.2 2009-04-30 09:35:06 franklahm Exp $
set -e
test -x :SBINDIR:/atalkd || exit 0
# Set defaults. Please change these options in :ETCDIR:/netatalk.conf.
-AFPD_UAMLIST="-U uams_dhx.so,uams_clrtxt.so"
+AFPD_UAMLIST="-U uams_dhx.so"
AFPD_GUEST=nobody
AFPD_MAX_CLIENTS=50
ATALK_ZONE=
Optional
========
-5. OpenSSL
+5. OpenSSL and/or Libgcrypt
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
Get everything at http://www.openssl.org/
+The Libgcrypt is a general purpose cryptographic library based on
+the code from GnuPG.
+This is required to enable DHX2 login support.
+
+Get everything at http://directory.fsf.org/project/libgcrypt/
+
6. TCP Wrappers
Wietse Venema's network logger, also known as TCPD or LOG_TCP. These
programs log the client host name of incoming telnet, ftp, rsh,
Netatalk Frequently Asked Questions
-($Id: FAQ,v 1.12 2003-02-24 23:33:14 srittau Exp $)
+($Id: FAQ,v 1.12.8.1 2009-04-30 09:35:06 franklahm Exp $)
-----------------------------------------------------------------------------
http://www.openssl.org/
+ --with-libgcrypt-dir=[PATH]: specify path to Libgcrypt installation.
+
+ NOTE: This is dependent on the same directory layout as the
+ source distribution of Libgcrypt. That is: include/ and
+ lib/ to be on the same level.
+ This is required to enable DHX2 login support, which
+ will encrypt all of the passwords being sent across the
+ connection. (Some old Mac clients don't support this, check
+ this FAQ for the section on AppleShare clients.)
+ Check to see if your Unix has Libgcrypt already, or
+ get everything at:
+
+ http://directory.fsf.org/project/libgcrypt/
+
Be aware that on the volumes that are shared, some of the
special folders (.AppleDesktop, "Network Trash Folder") get
assigned. A lot of these get created as world-writable (because that's
/*
- * $Id: afp_options.c,v 1.30.2.2.2.11.2.1 2004-12-07 18:22:38 bfernhomberg Exp $
+ * $Id: afp_options.c,v 1.30.2.2.2.11.2.2 2009-04-30 09:35:06 franklahm Exp $
*
* Copyright (c) 1997 Adrian Sun (asun@zoology.washington.edu)
* Copyright (c) 1990,1993 Regents of The University of Michigan.
options->systemvol.name = _PATH_AFPDSYSVOL;
options->configfile = _PATH_AFPDCONF;
options->uampath = _PATH_AFPDUAMPATH;
- options->uamlist = "uams_clrtxt.so,uams_dhx.so";
+ options->uamlist = "uams_dhx.so,uams_dhx2.so";
options->guest = "nobody";
options->loginmesg = "";
options->transports = AFPTRANS_ALL;
.PP
\-uamlist \fI[uams list]\fR
.RS 4
-Comma separated list of UAMs\&. (The default is uams_clrtxt\&.so,uams_dhx\&.so)\&.
+Comma separated list of UAMs\&. (The default is uams_dhx\&.so,uams_dhx2\&.so)\&.
.sp
The most commonly used UAMs are:
.PP
(uams_dhx_pam\&.so or uams_dhx_passwd\&.so) Allow Diffie\-Hellman eXchange (DHX) for authentication\&.
.RE
.PP
+uams_dhx2\&.so
+.RS 4
+(uams_dhx2_pam\&.so or uams_dhx2_passwd\&.so) Allow Diffie\-Hellman eXchange 2 (DHX2) for authentication\&.
+.RE
+.PP
uam_gss\&.so
.RS 4
Allow Kerberos V for authentication (optional)
.RS 4
.\}
.nf
-\- \-transall \-uamlist uams_clrtxt\&.so,uams_dhx\&.so
+\- \-transall \-uamlist uams_dhx\&.so,uams_dhx2\&.so
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-\- \-transall \-uamlist uams_clrtxt\&.so,uams_dhx\&.so,uams_guest\&.so,uams_gss\&.so \e
+\- \-transall \-uamlist uams_clrtxt\&.so,uams_dhx\&.so,uams_dhx2\&.so,uams_guest\&.so,uams_gss\&.so \e
\-k5service afpserver \-k5keytab /path/to/afpserver\&.keytab \e
\-k5realm YOUR\&.REALM \-fqdn your\&.fqdn\&.namel:548
.fi
.\}
.nf
"Guest Server" \-uamlist uams_guest\&.so \-loginmesg "Welcome guest!"
-"User Server" \-uamlist uams_dhx\&.so \-port 12000
+"User Server" \-uamlist uams_dhx2\&.so \-port 12000
"special" \-notcp \-defaultvol <path> \-systemvol <path>
.fi
.if n \{\
projects / netatalk.git / commitdiff