Re: Compiling with DES etc...


Subject: Re: Compiling with DES etc...
From: andrew morgan (morgan@orst.edu)
Date: Mon Jan 15 2001 - 15:26:36 EST


On Mon, 15 Jan 2001, Keith Baker wrote:

> What do I need to do to get encrypted Appletalk connections. I am using
> Redhat 6.2 on an Alpha. I got the stock 1.3.3 version running but its butt
> slow and I have no encryption. RH 6.2 comes with Kerberos V (I think its 5
> anyhow)... libdes seems to be included in a wierd form
> (/usr/kerberos/include/kerberosIV/des.h exists for example)... my question
> is... can I get appletalk to do DES or Kerberos for authentication? I hate
> plaintext!

You'll need to install the OpenSSL libraries first. Then grab the latest
tar.gz file from http://netatalk.sourceforge.net.

I've never used the Kerberos support in Netatalk, but there are a couple
other methods of doing encrypted logins. One type is randnum and
rand2num, in which the client and server exchange random numbers to
authenticate (I'm ignorant of the details). The downside of
randnum/rand2num is that you have to store paswords in cleartext on the
server, which may be a problem.

The other encrypted login method is DHX. This builds an SSL-like
connection to send the password to the server. It does not require any
changes to your backend password storage method. It can use PAM as well.

Hope this helps,
        Andy



This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:30 EDT