Consistently set default UAMs to DHX,DHX2. From HAT. Merge from 2-0

diff --git a/config/afpd.conf.tmpl b/config/afpd.conf.tmpl
index 11c127c1e72cb1d8323c671801bb7606be14d862..09177a1162ec8eac1fa872173bfd9691c384511d 100644 (file)
--- a/config/afpd.conf.tmpl
+++ b/config/afpd.conf.tmpl
@@ -57,7 +57,7 @@
 #     -uampath <path>  Use this path to look for User Authentication Modules.
 #                     (default: :UAMS_PATH:)
 #     -uamlist <a,b,c> Comma-separated list of UAMs. (default:
-#                     uams_guest.so,uams_clrtxt.so,uams_dhx.so) 
+#                     uams_dhx.so,uams_dhx2.so) 
 #
 #                     some commonly available UAMs:
 #                      uams_guest.so: Allow guest logins
@@ -74,6 +74,10 @@
 #                                  Allow Diffie-Hellman eXchange
 #                                  (DHX) for authentication.
 #
+#                     uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
+#                                   Allow Diffie-Hellman eXchange 2
+#                                   (DHX2) for authentication.
+#
 #   Password Options:
 #     -[no]savepassword   [Don't] Allow clients to save password locally
 #     -passwdfile <path>  Use this path to store Randnum
@@ -221,4 +225,4 @@
 #              "special" -notcp -defaultvol <path> -systemvol <path>
 #
 # default:
-# - -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
+# - -transall -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword

diff --git a/config/netatalk.conf b/config/netatalk.conf
index 5c24d16e7299c790adfbbbe4c86028585e09d186..458fe1a31e677195135d8baff566d7925591146c 100644 (file)
--- a/config/netatalk.conf
+++ b/config/netatalk.conf
@@ -15,7 +15,7 @@ ATALK_UNIX_CHARSET='LOCALE'
 # specify the UAMs to enable
 # available options: uams_guest.so, uams_clrtxt.so, uams_randnum.so, 
 #                           uams_dhx.so, uams_dhx2.so
-AFPD_UAMLIST="-U uams_guest.so,uams_dhx2.so"
+# AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"
 
 # Change this to set the id of the guest user
 AFPD_GUEST=nobody

diff --git a/config/netatalk.conf.cobalt b/config/netatalk.conf.cobalt
index cf5ab6ac189e13213eb4bf8647840b1d80a55b90..3be97d4ebf924d5de881c31f3a74625b71429eb0 100644 (file)
--- a/config/netatalk.conf.cobalt
+++ b/config/netatalk.conf.cobalt
@@ -6,10 +6,11 @@ AFPD_MAX_CLIENTS=100
 #ATALK_ZONE=@zone
 ATALK_NAME=`hostname|sed 's/\..*$//'`
 
-# specify this if you don't want guest, clrtxt, and dhx
-# available options: uams_guest.so, uams_clrtxt.so, uams_dhx.so, 
+# specify this if you don't want dhx and dhx2
+# available options: uams_guest.so, uams_clrtxt.so, 
+#                    uams_dhx.so, uams_dhx2.so, 
 #                   uams_randnum.so
-AFPD_UAMLIST="-U uams_clrtxt.so,uams_dhx.so"
+AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"
 
 # Change this to set the id of the guest user
 AFPD_GUEST=nobody

diff --git a/distrib/debian/logcheck/ignore.d.server b/distrib/debian/logcheck/ignore.d.server
index 3e3ce37e529f3805d48e86fe8ccb34a8a3020255..bf7b562a9c265bf6cf637d886a58f09839dbce64 100644 (file)
--- a/distrib/debian/logcheck/ignore.d.server
+++ b/distrib/debian/logcheck/ignore.d.server
@@ -1,4 +1,4 @@
-afpd\[.*\]: ((dhx|cleartext) )?login: [[:alnum:]]+
+afpd\[.*\]: ((dhx|dhx2) )?login: [[:alnum:]]+
 afpd\[.*\]: (server_child\[[[:digit:]]+\] [[:digit:]]+ )?(done|exited 1)
 afpd\[.*\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
 afpd\[.*\]: .*: Broken pipe
@@ -18,6 +18,7 @@ afpd\[.*\]: logout [[:alnum:]]+
 afpd\[.*\]: registering [[:alnum:]]+ \(uid [[:digit:]]+\) on [\.[:digit:]]+ as /.+/net[\.[:digit:]]+node[[:digit:]]+
 afpd\[.*\]: session from [\.:[:digit:]]+ on [\.:[:digit:]]+
 afpd\[.*\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)
+afpd\[.*\]: uams_dhx2_pam.c :PAM: PAM (Auth OK!|Success -- Success)
 afpd\[.*\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+
 atalkd\[.*\]: .*: Network is unreachable
 atalkd\[.*\]: zip gnireply from [\.[:digit:]]+ \(.* [[:digit:]]\)

diff --git a/distrib/initscripts/rc.atalk.debian.tmpl b/distrib/initscripts/rc.atalk.debian.tmpl
index 777ee3ddf37dc767d7635a2bb467519afa134a80..e408819c4039709e4c0ee80b1229ce46b7c87dad 100644 (file)
--- a/distrib/initscripts/rc.atalk.debian.tmpl
+++ b/distrib/initscripts/rc.atalk.debian.tmpl
@@ -4,7 +4,7 @@
 #
 # Author:       Thomas Kaiser <Thomas.Kaiser@phg-online.de>
 #
-# Version:      $Id: rc.atalk.debian.tmpl,v 1.3 2009-03-31 14:08:35 franklahm Exp $
+# Version:      $Id: rc.atalk.debian.tmpl,v 1.4 2009-04-30 10:48:38 franklahm Exp $
 
 set -e
 

diff --git a/doc/DEVELOPER b/doc/DEVELOPER
index 9e308de722ca27b9399ce401b8adda49cd3908b8..82d702d32a4d607e3052346462a2a43f046dcb1b 100644 (file)
--- a/doc/DEVELOPER
+++ b/doc/DEVELOPER
@@ -108,7 +108,7 @@ Program: (see the GNU mirrors) /gnu/automake/automake-1.5.tar.gz
 
 Optional
 ========
-5. OpenSSL
+5. OpenSSL and/or Libgcrypt
 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, full-featured, and Open Source toolkit implementing
 the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
@@ -118,6 +118,12 @@ This is required to enable DHX login support.
 
 Get everything at http://www.openssl.org/ 
 
+The Libgcrypt is a general purpose cryptographic library based on
+the code from GnuPG.
+This is required to enable DHX2 login support.
+
+Get everything at http://directory.fsf.org/project/libgcrypt/
+
 6. TCP Wrappers 
 Wietse Venema's network logger, also known as TCPD or LOG_TCP. These
 programs log the client host name of incoming telnet, ftp, rsh,

diff --git a/doc/FAQ b/doc/FAQ
index 0c3d80658fb0ff1cd7e1076abf4e7ffca1e0c91c..3a396ee756c8084a428439aa301fbdacf61c1144 100644 (file)
--- a/doc/FAQ
+++ b/doc/FAQ
@@ -1,5 +1,5 @@
 Netatalk Frequently Asked Questions
-($Id: FAQ,v 1.12 2003-02-24 23:33:14 srittau Exp $)
+($Id: FAQ,v 1.13 2009-04-30 10:48:38 franklahm Exp $)
 
 -----------------------------------------------------------------------------
 
@@ -616,6 +616,20 @@ A:   Most of the security for Netatalk must be derived from the
 
            http://www.openssl.org/ 
 
+       --with-libgcrypt-dir=[PATH]: specify path to Libgcrypt installation.
+
+         NOTE: This is dependent on the same directory layout as the
+         source distribution of Libgcrypt. That is: include/ and
+        lib/ to be on the same level.
+         This is required to enable DHX2 login support, which
+         will encrypt all of the passwords being sent across the 
+         connection. (Some old Mac clients don't support this, check
+         this FAQ for the section on AppleShare clients.)
+         Check to see if your Unix has Libgcrypt already, or
+         get everything at:
+
+           http://directory.fsf.org/project/libgcrypt/
+
     Be aware that on the volumes that are shared, some of the 
     special folders (.AppleDesktop, "Network Trash Folder") get
     assigned. A lot of these get created as world-writable (because that's

diff --git a/etc/afpd/afp_options.c b/etc/afpd/afp_options.c
index 0785df30c109e1ead8ed90dd2b32b6694fc17268..f173d0169309e6e7c7529578c74d6c52b22a0051 100644 (file)
--- a/etc/afpd/afp_options.c
+++ b/etc/afpd/afp_options.c
@@ -1,5 +1,5 @@
 /*
- * $Id: afp_options.c,v 1.42 2009-04-01 12:40:41 franklahm Exp $
+ * $Id: afp_options.c,v 1.43 2009-04-30 10:48:38 franklahm Exp $
  *
  * Copyright (c) 1997 Adrian Sun (asun@zoology.washington.edu)
  * Copyright (c) 1990,1993 Regents of The University of Michigan.
@@ -164,7 +164,7 @@ void afp_options_init(struct afp_options *options)
     options->systemvol.name = _PATH_AFPDSYSVOL;
     options->configfile = _PATH_AFPDCONF;
     options->uampath = _PATH_AFPDUAMPATH;
-    options->uamlist = "uams_clrtxt.so,uams_dhx.so";
+    options->uamlist = "uams_dhx.so,uams_dhx2.so";
     options->guest = "nobody";
     options->loginmesg = "";
     options->transports = AFPTRANS_ALL;