Re: Encrypted logins, configuration, The Chooser, etc.


From: Bruce A. Burdick, Jr. (bucky@interaccess.com)
Date: Sat Mar 10 2001 - 13:25:50 EST


I'm reposting this. It got zero response on the list last month when traffic
was lower. But the participants who have increased the list traffic this
month have demonstrated an ability to answer some difficult questions. So my
hopes are up for some good answers this time around. And in the intervening
month I've managed to verify that if there is a third-party UAM for the Mac,
it's languishing in obscurity somewhere where Google and the other major
engines can't see it.

Don't be daunted by the size and scope of this list of questions. Break off
whatever you can manage.

-B...

___________________________________________________
From: Bruce A. Burdick, Jr. <bucky@interaccess.com>
Date: Tue, 06 Feb 2001 02:47:05 -0600

I've perused the archives, but have mostly seen quick jots and morsels, all
assuming quite a bit of pre-existing context. Let's assemble the full story
on encrypted logins and netatalk. I'd like to see a robust how-to that
leaves nothing unsaid. How about you?

What are the various methods for encrypted logins supported by netatalk? In
which versions? What are the advantages/disadvantages of these? Which of
them are older/newer technologies? Which are weak/fading? Which are robust?

What are the various methods for encrypted logins supported by The Chooser?
In which versions?

How does netatalk need to be compiled to support the various methods? How
does this differ among the versions?

How does netatalk need to be configured to support the various methods? How
does this differ among the versions?

Do any end-to-end secure solutions exist? (i.e. no clear text passwords
stored or transmitted) What are they? How (in detail) are they installed and
configured?

What is netatalk 1.5 promising in this regard? What remains to be
implemented or fixed? What is not slated for development before the next
version? (1.6?)

Any other questions I missed?

I know some of the answers to these. But perhaps you know and can explain
them better. Or perhaps you have additional insights.

My reason for asking all this: I want to be able to log in (with full
encryption, of course) from a Macintosh to a netatalk server over TCP/IP.
I'm running netatalk-1.4b2+asun2.1.3-8 on LinuxPPC 2000 (2.2.15pre3) and
netatalk-1.4b2+asun2.1.3-7 on LinuxPPC 2000 Q4 (2.2.18), and the shipping
version on OpenBSD 2.8 i386 (netatalk-990130.tgz). I've tried a few times to
get encrypted logins working, all to no avail. I'm not looking for a quick
fix. I'd really like to get a solid picture of the options and issues in my
head. I think a set of the best answers to the above questions will make my
life a lot easier, and probably many of yours as well. Anyone want to take a
crack at these?

Lastly, to you fellas who've picked up the netatalk ball and put it back
into development: thank you!

-B...


