Subject: How does netatalk security work?
From: David J. Topper (topper@virginia.edu)
Date: Mon Sep 03 2001 - 16:34:27 EDT
Hi again,
So I've managed to get logins working, but I can't say I'm comfortable
with it. The only way I could get things to work was:
1. create a $HOME/.passwd file
2. edit afsd.conf to only allow randnum or rand2num authentication
But this makes me nervous, because noplace is the user's actualy
password being used. So that means that (with netatalk running) it's
possible to get access to a user's directories without ever knowing
their password?
Can someone explain what's going on? This smells like a major security
hole to me. I appreciate the nicety of being able to use passwords
other than the user's real one, but still.
Thanks,
DT
-- Technical Director, Virginia Center for Computer Music http://www.people.virginia.edu/~djt7p (804) 924-7355
This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:50 EDT