Path: utzoo!attcan!uunet!oddjob!uwvax!rutgers!columbia!cunixc!cck From: cck@cunixc.columbia.edu (Charlie C. Kim) Newsgroups: comp.protocols.appletalk Subject: Re: CAP 5.0, aufs, and System 6.0 package... Keywords: aufs AppleShare des cheap wonderful Message-ID: <733@cunixc.columbia.edu> Date: 16 Jun 88 05:46:42 GMT References: <5704@coherent.com> Reply-To: cck@cunixc.columbia.edu (Charlie C. Kim) Distribution: comp Organization: Columbia University Lines: 54 In article <5704@coherent.com> dplatt@coherent.com (Dave Platt) writes: >I managed to locate and purchase a copy of the System Software Update >Version 6.0 package yesterday afternoon. As rumor had suggested, this >package does include the AppleShare client (workstation) code; there's >an Installer script for it on the Utilities 1 disk. Yeah for Apple. >3/180) and my diskful 3/60. It works very nicely indeed (I _love_ the >aufs-disk icon! Now, if I could only color it red...). I'll tell Bill Schilit -- he had fun doing the icon (kept getting mad when messed with it too. I think I got one bit in edgewise (in the guy's eye) :-) > >The one problem I'm having is that I can't seem to get the >"automatically mount volumes at boot time" feature to work. I can enter >my id and password at boot time, or have them remembered by >AppleShare... but I always receive a message saying "The attempt to >connect to the server failed. Try again later." > >My suspicion is that AppleShare is trying to send my password across to >the aufs server in DES-scrambled form, and is receiving a "bad password" >or "I don't understand scrambled passwords" response from the server. >I'm going to fetch the DES sources from uunet, rebuild aufs with >password scrambing turned on, and try it again. > Your suspicion is basically correct, though I'm not 100% sure what really happens on the Macintosh side. You figured it out a lot faster than I did -- I pulled my hair out the first time I ran into this problem a year ago. The Macintosh AppleShare 1.1 (and 1.0) client is broken in this respect. I think this is documented (Aufs docs) (one of those things that should have been if it wasn't). In fact, Aufs has logging code that should show this clearly (should say invalid authentication method or some such junk). By the way, even if the AppleShare client were fixed to alow you to do "auto-login", one should be quite careful of storing their password on a publicly (or semi-restricted) macintosh because of the inherent security risk. Don't bother trying to get the des routines unless you really need the security over the network. The password look aside scheme is more of a curiosity than usable. First, it produces insecurity on the server system due to the plaintext files. Second, the implementation of the Aufs password file is half-backed. These combine to prevent the lookaside scheme being viable except in very special or controlled circumstances (originally the password lookaside file was done to allow auto-login in our lab -- then someone figured out that the "no user auth" (guest) access method worked just fine -- sigh). Hopefully, Kerberos is on the near horizon... Charlie C. Kim User Services Columbia University