# -uampath <path> Use this path to look for User Authentication Modules.
# (default: :UAMS_PATH:)
# -uamlist <a,b,c> Comma-separated list of UAMs. (default:
-# uams_guest.so,uams_clrtxt.so,uams_dhx.so)
+# uams_dhx.so,uams_dhx2.so)
#
# some commonly available UAMs:
# uams_guest.so: Allow guest logins
# Allow Diffie-Hellman eXchange
# (DHX) for authentication.
#
+# uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
+# Allow Diffie-Hellman eXchange 2
+# (DHX2) for authentication.
+#
# Password Options:
# -[no]savepassword [Don't] Allow clients to save password locally
# -passwdfile <path> Use this path to store Randnum
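Review bot: The new uams_dhx2.so entry in the list of commonly available UAMs does not mention that the module is only built when Libgcrypt is present, which the install notes in this same change state is required for DHX2. Since the documented -uamlist default now names uams_dhx2.so, add a short remark to this entry (for example "requires Libgcrypt at build time") so an administrator reading the config comments can tell why the module may be missing.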
# "special" -notcp -defaultvol <path> -systemvol <path>
#
# default:
-# - -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
+# - -transall -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
# specify the UAMs to enable
# available options: uams_guest.so, uams_clrtxt.so, uams_randnum.so,
# uams_dhx.so, uams_dhx2.so
-AFPD_UAMLIST="-U uams_guest.so,uams_dhx2.so"
+# AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"
# Change this to set the id of the guest user
AFPD_GUEST=nobody
#ATALK_ZONE=@zone
ATALK_NAME=`hostname|sed 's/\..*$//'`
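Review bot: The AFPD_UAMLIST line changes from an active assignment to a commented-out example, and the example drops uams_guest.so while AFPD_GUEST=nobody just below stays active. A fresh install from this template no longer offers guest access, so say in the comment above the line that guest logins now have to be enabled explicitly by adding uams_guest.so, or record it in the release notes. Style: the other disabled setting here is written "#ATALK_ZONE=@zone" with no space after the hash, so "#AFPD_UAMLIST=..." would match it.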
-# specify this if you don't want guest, clrtxt, and dhx
-# available options: uams_guest.so, uams_clrtxt.so, uams_dhx.so,
+# specify this if you don't want dhx and dhx2
+# available options: uams_guest.so, uams_clrtxt.so,
+# uams_dhx.so, uams_dhx2.so,
# uams_randnum.so
-AFPD_UAMLIST="-U uams_clrtxt.so,uams_dhx.so"
+AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"
# Change this to set the id of the guest user
AFPD_GUEST=nobody
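Review bot: The new comment says "specify this if you don't want dhx and dhx2", but the active line below it sets exactly uams_dhx.so,uams_dhx2.so, so the assignment only repeats the new default and the comment reads as if it did something else. The other template in this change comments the same assignment out; doing the same here would keep the two files consistent and leave the compiled-in default as the single source of truth.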
-afpd\[.*\]: ((dhx|cleartext) )?login: [[:alnum:]]+
+afpd\[.*\]: ((dhx|dhx2) )?login: [[:alnum:]]+
afpd\[.*\]: (server_child\[[[:digit:]]+\] [[:digit:]]+ )?(done|exited 1)
afpd\[.*\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
afpd\[.*\]: .*: Broken pipe
afpd\[.*\]: registering [[:alnum:]]+ \(uid [[:digit:]]+\) on [\.[:digit:]]+ as /.+/net[\.[:digit:]]+node[[:digit:]]+
afpd\[.*\]: session from [\.:[:digit:]]+ on [\.:[:digit:]]+
afpd\[.*\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)
+afpd\[.*\]: uams_dhx2_pam.c :PAM: PAM (Auth OK!|Success -- Success)
afpd\[.*\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+
atalkd\[.*\]: .*: Network is unreachable
atalkd\[.*\]: zip gnireply from [\.[:digit:]]+ \(.* [[:digit:]]\)
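Review bot: Replacing "cleartext" with "dhx2" in the login pattern means a "cleartext login:" line no longer matches any rule in this list, although uams_clrtxt.so is still named as an available option in the config templates. If the intent is for cleartext logins to stand out in the filtered log now that they are no longer the default, say so in the commit message; otherwise keep the alternative as (dhx|dhx2|cleartext). The added uams_dhx2_pam.c rule duplicates the line above it; a single pattern with uams_dhx2?_pam\.c would cover both and escape the dot as well.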
#
# Author: Thomas Kaiser <Thomas.Kaiser@phg-online.de>
#
-# Version: $Id: rc.atalk.debian.tmpl,v 1.3 2009-03-31 14:08:35 franklahm Exp $
+# Version: $Id: rc.atalk.debian.tmpl,v 1.4 2009-04-30 10:48:38 franklahm Exp $
set -e
Optional
========
-5. OpenSSL
+5. OpenSSL and/or Libgcrypt
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
Get everything at http://www.openssl.org/
+The Libgcrypt is a general purpose cryptographic library based on
+the code from GnuPG.
+This is required to enable DHX2 login support.
+
+Get everything at http://directory.fsf.org/project/libgcrypt/
+
6. TCP Wrappers
Wietse Venema's network logger, also known as TCPD or LOG_TCP. These
programs log the client host name of incoming telnet, ftp, rsh,
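Review bot: The heading "OpenSSL and/or Libgcrypt" leaves open which library a builder needs for which login method; the added text only says that Libgcrypt is required for DHX2. State per library what it enables, and since uams_dhx2.so is now part of the default UAM list, consider whether Libgcrypt still belongs under "Optional". Wording: "The Libgcrypt is" should read "Libgcrypt is".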
Netatalk Frequently Asked Questions
-($Id: FAQ,v 1.12 2003-02-24 23:33:14 srittau Exp $)
+($Id: FAQ,v 1.13 2009-04-30 10:48:38 franklahm Exp $)
-----------------------------------------------------------------------------
http://www.openssl.org/
+ --with-libgcrypt-dir=[PATH]: specify path to Libgcrypt installation.
+
+ NOTE: This is dependent on the same directory layout as the
+ source distribution of Libgcrypt. That is: include/ and
+ lib/ to be on the same level.
+ This is required to enable DHX2 login support, which
+ will encrypt all of the passwords being sent across the
+ connection. (Some old Mac clients don't support this, check
+ this FAQ for the section on AppleShare clients.)
+ Check to see if your Unix has Libgcrypt already, or
+ get everything at:
+
+ http://directory.fsf.org/project/libgcrypt/
+
Be aware that on the volumes that are shared, some of the
special folders (.AppleDesktop, "Network Trash Folder") get
assigned. A lot of these get created as world-writable (because that's
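Review bot: The note under --with-libgcrypt-dir says some old Mac clients don't support DHX2 but not what an administrator should do for them now that uams_clrtxt.so is out of the default list. Add a sentence pointing to the -uamlist option (or AFPD_UAMLIST) as the place to enable another UAM for such clients. The sentence "This is required to enable DHX2 login support" would also read better directly after the option line, before the directory-layout remark, so that "This" clearly refers to Libgcrypt.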
/*
- * $Id: afp_options.c,v 1.42 2009-04-01 12:40:41 franklahm Exp $
+ * $Id: afp_options.c,v 1.43 2009-04-30 10:48:38 franklahm Exp $
*
* Copyright (c) 1997 Adrian Sun (asun@zoology.washington.edu)
* Copyright (c) 1990,1993 Regents of The University of Michigan.
options->systemvol.name = _PATH_AFPDSYSVOL;
options->configfile = _PATH_AFPDCONF;
options->uampath = _PATH_AFPDUAMPATH;
- options->uamlist = "uams_clrtxt.so,uams_dhx.so";
+ options->uamlist = "uams_dhx.so,uams_dhx2.so";
options->guest = "nobody";
options->loginmesg = "";
options->transports = AFPTRANS_ALL;
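Review bot: options->uamlist now names uams_dhx2.so unconditionally, but the documentation in this change says DHX2 support is only available when Libgcrypt is. On a build without Libgcrypt the compiled-in default would list a module that was never installed; please confirm how afpd handles a missing entry in the list, and consider choosing the default string under the same configure check that enables the DHX2 module. Removing uams_clrtxt.so from the default is a behaviour change for existing installs that never set -uamlist and deserves a line in the release notes.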