1 Netatalk Frequently Asked Questions
2 ($Id: FAQ,v 1.6 2001-10-19 16:10:40 lancel Exp $)
4 -----------------------------------------------------------------------------
6 Q1: Where can I get more information on Netatalk?
7 Q2: What is this I keep seeing about asun?
8 Q3: How do I get the most recent version of Netatalk?
9 Q4: Can I get an almost current version of Netatalk without having to learn CVS?
10 Q4a: Is there an RPM, package, or tarball for my platform?
11 Q5: I'm having massive file deletion problems!
12 Q6: I am having lots of file locking problems!
13 Q7: I'm getting this message in my logs:
14 WARNING: DID conflict for ... Are these the same file?
15 Q8: I can't seem to use passwords longer than 8 characters for my netatalk
16 accounts. How can I fix that?
17 Q9: I would like to use encrypted passwords to authenticate to the Netatalk
18 server. How do I do that?
19 Q10: How can I set who has access to certain directories?
20 Q11: What are the .AppleDouble and .Parent directories which are created in
21 the netatalk locations?
22 Q12: Hidden files - what's up with that?
23 Q13: I get a "socket: Invalid argument" error when trying to start netatalk
24 under Linux. What is causing this?
25 Q14: Netatalk works over Appletalk, but my IP connections are refused, even
26 though I have enabled them in the configuration files.
27 Q15: I'm having Quark Express file locking problems, is there information on that?
28 Q16: I'm getting this error in Quark Express when trying to save a file to
29 the server: 'Error Type -50'
30 Q17: Does netatalk work with Mac OSX?
31 Q18: I'm getting an 'Application for this document not found' error on OS X.
32 Q19: I'm getting an 'Error Type -43' error on OS X.
33 Q20: How do I get the directories that are created by Netatalk to have the
34 correct permissions by default?
35 Q21: What does this error mean:
36 'afpd[#####]: setdirmode: chmod .AppleDouble Operation not permitted'
37 Q22: I'm having problems with the Trash folder: either when someone drags
38 files into it, the system want's them todelete them immeidately, or files
39 get stuck in there and won't delete.
40 Q23: The daemons aren't starting, things aren't showing up in the Chooser,
41 and I get a message like this in the logs: afpd[####]: Can't register
43 Q24: I want to be able to allow users to change their passwords? How do
44 I enable this feature. Every time I try I get an error that it was
45 unable to save the password.
46 Q25: Can a mount a Mac volume on my unix machine?
47 Q26: Can I run Samba and Netatalk together to access the same files?
48 Q27: Files I create on my Samba shares are invisible on the mac side.
49 Q27a: How can I set netatalk to hide some files from the Samba (or
51 Q28: Files I create on my netatalk shares are invisible on the PC side.
52 Q28a: How can I set Samba to hide the netatalk specific files (e.g.
54 Q29: I compiled Samba with the --with-netatalk flag. What did that do?
55 Q30: What about the differences in naming schemes, and legal/illegal
56 characters between Windows, Macs (and unix?)
57 Q31: Where can I get the cnid-db (berkely db3) software? (needed for
59 Q32: What about security in Netatalk?
63 -----------------------------------------------------------------------------
66 Q1: Where can I get more information on Netatalk?
68 A: The current location of the actively developed netatalk project can be
69 found on SourceForge, at: http:/www.sourceforge.net/projects/netatalk.
71 There are (at least) two very active e-mail lists to which you can
72 subscribe, the first, netatalk-admins, is for usage and basic
73 setup/compile questions. It is NOT maintained at sourceforge, but rather
74 at the University of Michigan, which was involved with a good deal of the
77 Subscribe by sending an e-mail to netatalk-admins-request@umich.edu with a
78 subject of "subscribe" and a blank body. This can be very high volume, but
79 usually a few messages a day.
81 The archive is available at:
82 ftp://terminator.rs.itd.umich.edu/unix/netatalk/ and is called
83 netatalk-admins.mail. This is a ~6M mbox file. Archives from
84 previous years are available there as well.
86 Netatalk-devel list is more specific to coding and testing. It can be
87 browsed at: http://www.geocrawler.com/redir-sf.php3?list=netatalk-devel,
89 http://lists.sourceforge.net/lists/listinfo/netatalk-devel This varies in
90 volume, but is usually moderately active.
92 Netatalk-docs is specific to documentation. It can be browsed at:
93 http://www.geocrawler.com/redir-sf.php3?list=netatalk-docs
95 http://lists.sourceforge.net/lists/listinfo/netatalk-docs
96 This list is being revived.
98 There are other netatalk information sites. Some of these are no
99 longer actively updated, some are site-specific, but still have
101 http://www.umich.edu/~rsug/netatalk/index.html
102 http://www.anders.com/projects/netatalk/ and many unices have their own
103 sites and distributions (tarballs, rpm's, packages, etc.)
104 http://www.faredge.com.au/netatalk/index.html
106 Q2: What is this I keep seeing about asun?
108 A: Before netatalk moved to SourceForge, Adrian Sun (asun) had written
109 some patches to netatalk which helped significantly with it's usability,
110 especially using appleshareIP. These patches are still provided by many
111 unix vendors. I believe all of these patches are included in the current
112 Sourceforge versions.
115 Q3: How do I get the most recent version of Netatalk?
117 A: Via CVS from Sourceforge.net. This is the actively maintained version
118 of netatalk, changes are being made constantly, and therefore it is not
119 suitable for production environments. The netatalk at Sourceforge is in
120 Beta, so keep that in mind.
122 To create the CVS tree - from the directory you want to use as your CVS
125 % cvs -d:pserver:anonymous@cvs.netatalk.sourceforge.net:/cvsroot/netatalk login
127 hit <enter> at the Password: prompt
130 -d:pserver:anonymous@cvs.netatalk.sourceforge.net:/cvsroot/netatalk co
133 This will create a netatalk subdirectory, and check out all of the files.
134 If you run this same command subsequently, you will update any files which
135 have changed (on the CVS server) since your last checkout.
137 Once you've done that, read the INSTALL file in the netatalk/ directory,
138 plus the CONFIGURE file. If you're installing from CVS, you'll most likely
139 need have some supplementary software installed, such as gmake. Some
140 systems work fine with make. Additional information can be found in docs/.
142 The main things to know, though, are this: you must run
145 in the netatalk/ directory first, in order to create your configure file.
148 % ./configure --help | more in order to get a feel for which compile
149 flags are available. Some of these flags are summarized below, some are
150 summarized in the INSTALL file, and some have individual README. files.
152 To learn more about CVS, a good place to start is: http://www.cvshome.org,
153 or http://www.cvshome.org/docs/manual, or
154 http://www.cvshome.org/form/form.cgi (this is the FAQ).
156 There are GUI cvs systems for Windows and Macs. Search on SourceForge for
160 Q4: Can I get an almost current version of Netatalk without having to learn CVS?
162 A: Yes. Weekly (or thereabouts) snapshots of the CVS tree should be
163 posted for the benefit of those that don't want to / can't use CVS. As of
164 10/3/01, these were being put up at:
166 ftp://ftp.marcuscom.com/pub/netatalk/nightly
168 From the mail archives:
169 I have started an archive of nightly CVS snap shots that build a tar.gz of
170 netatalk ready to configure and build. The images can be downloaded from:
172 ftp://ftp.marcuscom.com/pub/netatalk/nightly
173 This site only allows active FTP, so the snaps are also available at:
174 http://www.marcuscom.com/netatalk/nightly
176 You should be able to treat these images as you would a release. Just
177 configure as you normally work, then run make (or gmake as the case may
178 be). There is no need to run autogen.sh on these images.
181 Q4a: Is there an RPM, package, or tarball for my platform?
183 A: Perhaps. These vary in how often they're updated:
185 FreeBSD - port: /usr/ports/net/netatalk - maintained by Joe Clark
186 SUSE - ftp://ftp.suse.com/pub/suse/i386/7.2/suse/n2/netatalk.rpm
187 OpenBSD - port: /usr/ports/net/netatalk/
188 (not actively maintained, as far as I can tell, and it's pretty old.)
189 Debian - http://non-us.debian.org/debian-non-us/pool/non-US/main/n/netatalk/
190 (This is the debian site which includes code which should not be
191 exported from the US. It may be legally forbidden to export the
192 software in non-us from the U.S., but since non-us.debian.org is located
193 in the Netherlands [and the maintainer of this package is in Germany],
194 there shouldn't be any problems for anybody downloading and using this.
195 Also, all this doesn't apply to netatalk, since the Debian version isn't
196 linked against OpenSSL anymore.)
198 Redhat - RPMs of various types:
199 ftp://ftp.vircio.com/pub/netatalk/netatalk-1.5pre8-1.i386.rpm
200 ftp://ftp.vircio.com/pub/netatalk/netatalk-devel-1.5pre8-1.i386.rpm
201 ftp://ftp.vircio.com/pub/netatalk/netatalk-1.5pre8-1.src.rpm
204 Q5: I'm having massive file deletion problems!
205 Q6: I am having lots of file locking problems!
206 Q7: I'm getting this message in my logs:
207 WARNING: DID conflict for ... Are these the same file?
209 A: Compile with the --with-did=last flag set. This activates a different
210 method of calculating inodes in the software, and will hopefully fix some
211 of these problems. This code, along with the CNID code, was still being
212 worked out in Pre7. The cnid/db3 flags also go along with this:
213 --enable-cnid-db use persistent cnid database per volume (EXPERIMENTAL)
214 --with-db3=PATH specify path to Berkeley DB3 installation
215 --with-did=[scheme] set DID scheme (last,mtab)
217 (For more information on CNID, see the README.cnid file [may not exist yet],
218 into which I just copied wholesale Joe's comments on what he did with
221 --with-did=last reverted things back to the old 1.4b2 directory ID
222 calculation algorithm. This also solved the problem of the syslog
223 messages and the users complaining of file deletions. It's also been
224 found that by disabling *BSD's SOFTUPDATES feature on Netatalk volumes (on
225 FreeBSD), multi-user interaction seemed to work better. This was back in
226 a late 4.2-BETA, so it's not clear if this still holds true in 4.4-RELEASE
230 Q8: I can't seem to use passwords longer than 8 characters for my netatalk
231 accounts. How can I fix that?
233 Q9: I would like to use encrypted passwords to authenticate to the Netatalk
234 server. How do I do that?
236 A: Update to a newer version of AppleShare Client (I think the most
237 recent is 3.8.8). This allows longer passwords, and will allow you to
238 use encrypted passwords. Set which way you would like to authenticate
239 in either afpd.conf or netatalk.conf, depending on your set up.
241 For more information on the appleshare client from apple, and which clients
242 are needed for which MacOS, see
243 http://til.info.apple.com/techinfo.nsf/artnum/n60792?OpenDocument&software
244 (this site requires cookies, and a registration and sign-in).
247 Q10: How can I set who has access to certain directories?
249 A: You can certainly do this with your unix permissions, but also explore the
250 allow/deny/rwlist/rolist options in the AppleVolumes.default file:
252 # allow/deny/rwlist/rolist format [syntax: allow:user1,@group]:
253 # user1,@group,user2 -> allows/denies access from listed users/groups
254 # rwlist/rolist control whether or not the
255 # volume is ro for those users.
257 Also, some unices, specically FreeBSD, have other options:
260 "What about file and directory permissions? Since I didn't use the FORCE
261 UID/GID code, I decided to use a feature of FreeBSD called SUIDDIR. From
262 the LINT kernel config file:
264 # If you are running a machine just as a fileserver for PC and MAC
265 # users, using SAMBA or Netatalk, you may consider setting this option
266 # and keeping all those users' directories on a filesystem that is
267 # mounted with the suiddir option. This gives new files the same
268 # ownership as the directory (similar to group). It's a security hole
269 # if you let these users run programs, so confine it to file-servers
270 # (but it'll save you lots of headaches in those cases). Root owned
271 # directories are exempt and X bits are cleared. The suid bit must be
272 # set on the directory as well; see chmod(1) PC owners can't see/set
273 # ownerships so they keep getting their toes trodden on. This saves
274 # you all the support calls as the filesystem it's used on will act as
275 # they expect: "It's my dir so it must be my file".
277 FORCE UID/GID code, I decided to use a feature of FreeBSD called
278 SUIDDIR. From the LINT kernel config file:
280 # If you are running a machine just as a fileserver for PC and MAC
281 # users, using SAMBA or Netatalk, you may consider setting this option
282 # and keeping all those users' directories on a filesystem that is
283 # mounted with the suiddir option. This gives new files the same
284 # ownership as the directory (similar to group). It's a security hole
285 # if you let these users run programs, so confine it to file-servers
286 # (but it'll save you lots of headaches in those cases). Root owned
287 # directories are exempt and X bits are cleared. The suid bit must be
288 # set on the directory as well; see chmod(1) PC owners can't see/set
289 # ownerships so they keep getting their toes trodden on. This saves
290 # you all the support calls as the filesystem it's used on will act as
291 # they expect: "It's my dir so it must be my file".
293 And the associated mount command:
295 mount -o suiddir /dev/da2s1e /macvol/artfiles
297 This was used on my dedicated Netatalk/Samba filesystems. On
298 filesystems that were also used for interactive shell access, I chmod'd
299 my Netatalk shares 2770. The reason for this is that I set up a UNIX
300 group for each department in the ad agency. I had an art group, a media
301 group, an accounting group, and then, or course, a general staff group.
302 Each share was only allowed access by the group that needed to access
303 the share. So, the Artfiles share allowed access only to the art group:
305 /macvol/artfiles "Art Files" allow:@art
307 And the others followed in kind. Therefore, the 2770 mask allowed only
308 owners and people in the associated group access to read and write
309 files. The leading 2 set the setgid bit so that all child files and
310 directories would retain the same group permissions. I found this to
313 This was used on my dedicated Netatalk/Samba filesystems. On
314 filesystems that were also used for interactive shell access, I chmod'd
315 my Netatalk shares 2770. The reason for this is that I set up a UNIX
316 group for each department in the ad agency. I had an art group, a media
317 group, an accounting group, and then, or course, a general staff group.
318 Each share was only allowed access by the group that needed to access
319 the share. So, the Artfiles share allowed access only to the art group:
321 /macvol/artfiles "Art Files" allow:@art
323 And the others followed in kind. Therefore, the 2770 mask allowed only
324 owners and people in the associated group access to read and write
325 files. The leading 2 set the setgid bit so that all child files and
326 directories would retain the same group permissions. I found this to
330 Q11: What are the .AppleDouble and .Parent directories which are created in
331 the netatalk locations?
333 A: See the README.veto file in this directory.
335 The .AppleDouble folders hold the resource fork information for the mac
336 files, plus other attributes which are not normally stored by Unix. For
337 this reason, when you want to move files around in your mac volumes, it's
338 a good idea to do it from the Mac side (as opposed to from the unix side,
339 or Samba), unless you make absolutely sure you get the .AppleDouble
340 directories. These directories are often hidden from the Samba side, via
341 the veto files configuration.
343 You can also set netatalk to not create an .AppleDouble directory unless
344 it absolutely needs it, by setting the noadouble setting in
345 AppleVolumes.default.
348 Q12: Hidden files - what's up with that?
350 A: If you set the noadouble flag in AppleVolumes.default, you won't see
351 the .Apple* or .Parent directories on the Mac side. If you use the veto
352 files option in Samba, they may be hidden from the windows side as well.
353 (More information in the Samba section, and in the README.veto file in
357 Q13: I get a "socket: Invalid argument" error when trying to start netatalk
358 under Linux. What is causing this?
360 A: The "appletalk" and "ipddp" kernel modules have to be installed under
361 linux for netatalk to function. The appletalk module can be automatically
362 loaded by adding the line "alias net-pf-5 appletalk" to the
363 /etc/modules.conf file. Issuing the command "modprobe (module)" will
364 load the module for the current session.
367 Q14: netatalk works over Appletalk, but my IP connections are refused, even
368 though I have enabled them in the configuration files.
370 A: If tcp_wrappers support is compiled into netatalk, access has to be
371 granted in /etc/hosts.allow for netatalk to successfully accept IP
372 connections. This can be done by the addition of the line:
373 afpd: 127. xxx.xxx.xxx. (whatever other subnets)
376 Q15: I'm having Quark Express file locking problems, is there information on that?
378 A: Yes, see the question regardng DID conflicts and the --enable-did= flag.
379 Also, try using the --flock-locks flag. Enabling this code disabled the
380 new byte locking feature. With FLOCK locks, the whole file would be locked.
381 With byte locks, a byte range could be locked without locking the whole file.
384 Q16: I'm getting this error in Quark Express when trying to save a file to
385 the server: 'Error Type -50'
387 A: Turn off the document preview feature off in Quark.
390 Q17: Does netatalk work with Mac OSX?
392 A: Yes, but only the most recent versions, and it's still being finalized.
393 Versions prior to 1.5Pre7 did NOT work with OS X, although some really
394 early versions did (netatalk 1.4+asun?).
397 Q18: I'm getting an 'Application for this document not found' error on OS X.
399 Q19: I'm getting an 'Error Type -43' error on OS X.
401 A: Configure with --with-did=last. More info on this flag is given in the
402 DID conflicts question.
405 Q20: How do I get the directories that are created by Netatalk to have the
406 correct permissions by default?
408 A: Investigate the SetGid bit on your unix platform. It's a good idea to
409 set this on your shared directories, and your .AppleDouble directories.
410 From the mail archives: "Usually directories designated for use with
411 AppleShare have the setgid (g+s) bit set. It forces inheritance of
412 permissions. Without it, the .AppleDouble subdirectory can't be created
413 since the new folder doesn't necessarily have the same write privileges."
415 Information about the setgid bit can be found in Evi Nemeth's
416 "Unix System Administration Handbook" (3rd. ed, chap 5.5, pg. 69):
418 "The bits with octal values 4000 and 2000 are the setuid and setgid bits.
419 These bits allow programs to access files and processes that would
420 otherwise be off-limits to the users that run them. [...] When set on a
421 directory, the setgid bit causes newly created files within the directory
422 to take on the group membership of the directory rather than the defualt
423 group of the user that created the file. This convention makes it easier
424 to share a directory of files among several users, as long as they all
425 belong to a common group. Check your system before relying on this
426 feature, since not all version of UNIX provide it. [...] This interpretation
427 of the setgid bit is unrelated to it's meaning when set on an executable
428 file, but there is never any ambiguity as to which meaning is
431 NOTE: The SETUID is usually discussed along with the SetGID bit. The
432 SetUID bit is VERY dangerous. If you set it on an executable, and the
433 executable is owned by root, anyone who runs that executable is root for
434 the duration of that executable's run, so a clever person can leverage
435 that into a full-scale compromise. The SETGID bit also has other security
436 implications, so be careful where you set it.
438 You set it by doing a chmod 2777 or 2775, or whatever. It's that first 2 bit.
441 Q21: What does this error mean:
442 'afpd[#####]: setdirmode: chmod .AppleDouble Operation not permitted'
444 A: This can be due to a few things.
446 1) The SetGid bit might not be set on either your directory, or on the
447 .AppleDouble directory. I think the bit has to be set recursively on the
450 2) You may not be member of the group set on the directory you're trying
453 3) This was a persistant bug in 1.5pre6 for awhile, upgrading might help.
456 Q22: I'm having problems with the Trash folder: either when someone drags
457 files into it, the system wants them to delete them immediately, or files
458 get stuck in there and won't delete.
460 A: Chmod the Network Trash folder to 2775 (/home/public/Network Trash
461 Folder for instance).
463 As of 10/16/01, Mac OS X trash didn't work properly with afps volumes.
464 Apple is working on it.
466 Q23: The daemons aren't starting, things aren't showing up in the Chooser,
467 and I get a message like this in the logs: afpd[####]: Can't register
470 This is sometimes a result of missing NIC information in the atalkd.conf
471 file. Put your network interface (something like le0, eth0, fxp0, lo0)
472 alone on a line in atalkd.conf, and reboot. When atalkd starts, it will
473 populate the file with a line such as:
474 le1 -seed -phase 2 -addr 66.6 -net 66-67 -zone "No Parking"
476 To find your network interface, run
479 and see which interface has your IP address. Use that one.
481 Q24: I want to be able to allow users to change their passwords. How do
482 I enable this feature? Every time I try I get an error that it was
483 unable to save the password.
485 A: Use -[no]setpassword in afpd.conf. This enables? disables the
486 ability of clients to change their passwords.
489 Q25: Can a mount a Mac volume on my unix machine?
491 A: Well, maybe. OS X obviously might be able to do this with NFS.
492 Also, there is a program called afpfs which was designed to do this,
493 but is not actively maintained and has been reportedly highly unstable.
494 It should be available from: http://www.panix.com/~dfoster/afpfs/
496 Q26: Can I run Samba and Netatalk together to access the same files?
498 A: Sure. Lots of us do. But there are some concerns. Quite often it's
499 useful, for instance, to hide files of one OS from the other. See
500 the AppleVolumes.default file in Netatalk, and investigate the veto
501 files option in Samba. (See the README.veto file.)
503 Also, when copying and moving files created on the Mac, it's better
504 to do that from the Mac, rather than from the Unix server or from
505 Samba. This is because the .AppleDouble folders hold the resource fork
506 information for the mac files, plus other attributes which are not
507 normally stored by Unix.
509 You can also set netatalk to not create an .AppleDouble directory unless
510 it absolutely needs it, by setting the noadouble setting in
511 AppleVolumes.default.
514 Q27: Files I create on my Samba shares are invisible on the mac side.
516 A: Have you checked the AppleVolumes(.default? .sytem? I don't remember
517 which one hides files!) file?
519 How long are the file names? Names longer than 31 BYTES (not characters)
520 are not visible on the Mac side. This is because some old Mac OS's don't
521 accept long names, and some finders crash when they encounter them.
522 Therefore netatalk hides long filenames to prevent crashes.
523 There is talk of creating a method to truncate the names, but this
524 code has not yet been written.
526 The BYTES distiction is made because there exist doublebyte fonts too,
527 which limit names to 15 chars.
530 Q27a: How can I set netatalk to hide some files created on the Samba
533 A: AppleVolumes(.system or .default?) allows you to hide certain files.
534 This might be a good thing to set on, say, .cshrc, ssh keys, and
538 Q28: Files I create on my netatalk shares are invisible on the PC side.
539 Q28a: How can I set Samba to hide the netatalk specific files (e.g.
542 A: Check your Samba veto files option in smb.conf. It's often useful
543 to hide files like .AppleDouble or the network trash folder here.
545 Does the mac file have a \ or / in it? Would this cause Samba to
548 Q29: I compiled Samba with the --with-netatalk flag. What did that do?
550 A: Nothing. Some code was written (by a Samba developer?), but as of
551 Fall 2001, Samba doesn't utilize it.
553 Q30: What about the differences in naming schemes, and legal/illegal
554 characters between Windows, Macs (and unix?)
556 A: Check out the documentation about the 'mswindows' flag in afpd.conf (?).
557 For instance, having / or \ or : in a name is especially bad,
558 as they're path seperators on unix and windows and macs,
559 respectively). Educating the end user is important for this problem.
562 Q31: Where can I get the cnid-db (berkely db3) software? (needed for
565 A: First check to see if your unix has a port or package. If not,
566 http://www.sleepycat.com/download.html
568 Q32: What about security in Netatalk?
570 A: Most of the security for netatalk must be derived from the
571 security of the unix server on which it runs. Directory permissions,
572 valid users, firewalls, IP filters, file integrity checkers, etc.
573 are all part of the equation. That said, it is possible to configure
574 netatalk to minimize access, and close potential security holes.
576 These two flags are especially important:
578 --with-tcp-wrappers: enable TCP wrappers support.
579 Wietse Venema's network logger, also known as TCPD or
580 LOG_TCP. These programs log the client host name of incoming
581 telnet, ftp, rsh, rlogin, finger etc. requests. Security
582 options are: access control per host, domain and/or service;
583 detection of host name spoofing or host address spoofing;
584 booby traps to implement an early-warning system. TCP
585 Wrappers can be gotten at
586 ftp://ftp.porcupine.org/pub/security/
588 Note, if you use tcp-wrappers, it would be a good idea to set your
589 afpd.conf file to disable DDP, or accept connections only on TCP.
590 You can also configure afpd to only run on a certain port, which
591 you can then let through your IPFilter.
593 Encrypt your passwords with SSL!
595 --with-ssl-dirs=[PATH]: specify path to OpenSSL installation.
596 NOTE: This is dependent on the same directory layout as the
597 source distribution of Openssl. That is: ./include/ and
598 ./lib/ to be on the same level. Many .rpm formats do not
599 have their files laid out in this format.
600 The OpenSSL Project is a collaborative effort to develop a
601 robust, commercial-grade, full-featured, and Open Source
602 toolkit implementing the Secure Sockets Layer (SSL v2/v3)
603 and Transport Layer Security (TLS v1) protocols as well as a
604 full-strength general purpose cryptography library.
605 This is required to enable DHX login support, which
606 will encrypt all of the passwords being sent across the
607 connection. (Some old mac clients don't support this, check
608 this FAQ for the section on AppleShare clients.)
609 Check to see if your unix has OpenSSL already, or
610 get everything at http://www.openssl.org/
612 Be aware that on the volumes that are shared, some of the
613 special folders (.AppleDesktop, "Network Trash Folder") get
614 assigned. A lot of these get created as world-writable (because that's
615 what the Mac clients are expecting them to be) which is often quite
616 undesirable from the unix sysadmin's point of view. Documenting this
617 behavior could be a somewhat daunting task, but highly desirable.
619 Shares can be set to be read/write only by certain people and groups.
620 (need more documentation here!)
622 The netatalk code has not been through a major code audit. However,
623 it's open source, so if you want to do said audit, contact the
624 netatalk maintainers (which can be done through the sourceforge site).
626 Has anyone tried to run netatalk in a chroot jail? If so, please
627 share your experiences with the mailing lists.