dplatt@coherent.com (Dave Platt) (06/16/88)
I managed to locate and purchase a copy of the System Software Update Version 6.0 package yesterday afternoon. As rumor had suggested, this package does include the AppleShare client (workstation) code; there's an Installer script for it on the Utilities 1 disk. I installed AppleShare on my SE, installed the CAP 5.0 version of aufs in our Sun server's CAP library, and fired up aufs on both the server (a 3/180) and my diskful 3/60. It works very nicely indeed (I _love_ the aufs-disk icon! Now, if I could only color it red...). The one problem I'm having is that I can't seem to get the "automatically mount volumes at boot time" feature to work. I can enter my id and password at boot time, or have them remembered by AppleShare... but I always receive a message saying "The attempt to connect to the server failed. Try again later." My suspicion is that AppleShare is trying to send my password across to the aufs server in DES-scrambled form, and is receiving a "bad password" or "I don't understand scrambled passwords" response from the server. I'm going to fetch the DES sources from uunet, rebuild aufs with password scrambing turned on, and try it again. So... trumpet out the news! It's no longer necessary to shell out $900 for the AppleShare server package from Apple just to get the AppleShare client... you can get it for $49 in the 6.0 update (with disks and docs), or for the cost of 4 disks if you can find a dealer who will let you copy their 6.0 update disk set. CAP/AUFS just turned from an excellent deal to an _incredible_ deal! -- Dave Platt VOICE: (415) 493-8805 USNAIL: Coherent Thought Inc. 3350 West Bayshore #205 Palo Alto CA 94303 UUCP: ...!{ames,sun,uunet}!coherent!dplatt DOMAIN: dplatt@coherent.com INTERNET: coherent!dplatt@ames.arpa, ...@sun.com, ...@uunet.uu.net
cck@cunixc.columbia.edu (Charlie C. Kim) (06/16/88)
In article <5704@coherent.com> dplatt@coherent.com (Dave Platt) writes: >I managed to locate and purchase a copy of the System Software Update >Version 6.0 package yesterday afternoon. As rumor had suggested, this >package does include the AppleShare client (workstation) code; there's >an Installer script for it on the Utilities 1 disk. Yeah for Apple. >3/180) and my diskful 3/60. It works very nicely indeed (I _love_ the >aufs-disk icon! Now, if I could only color it red...). I'll tell Bill Schilit -- he had fun doing the icon (kept getting mad when messed with it too. I think I got one bit in edgewise (in the guy's eye) :-) > >The one problem I'm having is that I can't seem to get the >"automatically mount volumes at boot time" feature to work. I can enter >my id and password at boot time, or have them remembered by >AppleShare... but I always receive a message saying "The attempt to >connect to the server failed. Try again later." > >My suspicion is that AppleShare is trying to send my password across to >the aufs server in DES-scrambled form, and is receiving a "bad password" >or "I don't understand scrambled passwords" response from the server. >I'm going to fetch the DES sources from uunet, rebuild aufs with >password scrambing turned on, and try it again. > Your suspicion is basically correct, though I'm not 100% sure what really happens on the Macintosh side. You figured it out a lot faster than I did -- I pulled my hair out the first time I ran into this problem a year ago. The Macintosh AppleShare 1.1 (and 1.0) client is broken in this respect. I think this is documented (Aufs docs) (one of those things that should have been if it wasn't). In fact, Aufs has logging code that should show this clearly (should say invalid authentication method or some such junk). By the way, even if the AppleShare client were fixed to alow you to do "auto-login", one should be quite careful of storing their password on a publicly (or semi-restricted) macintosh because of the inherent security risk. Don't bother trying to get the des routines unless you really need the security over the network. The password look aside scheme is more of a curiosity than usable. First, it produces insecurity on the server system due to the plaintext files. Second, the implementation of the Aufs password file is half-backed. These combine to prevent the lookaside scheme being viable except in very special or controlled circumstances (originally the password lookaside file was done to allow auto-login in our lab -- then someone figured out that the "no user auth" (guest) access method worked just fine -- sigh). Hopefully, Kerberos is on the near horizon... Charlie C. Kim User Services Columbia University
dplatt@coherent.com (Dave Platt) (06/17/88)
In article <733@cunixc.columbia.edu> cck@cunixc.columbia.edu (Charlie C. Kim) writes:
- Your suspicion is basically correct, though I'm not 100% sure what
- really happens on the Macintosh side. You figured it out a lot faster
- than I did -- I pulled my hair out the first time I ran into this
- problem a year ago. The Macintosh AppleShare 1.1 (and 1.0) client is
- broken in this respect. I think this is documented (Aufs docs) (one
- of those things that should have been if it wasn't). In fact, Aufs
- has logging code that should show this clearly (should say invalid
- authentication method or some such junk). By the way, even if the
- AppleShare client were fixed to alow you to do "auto-login", one
- should be quite careful of storing their password on a publicly (or
- semi-restricted) macintosh because of the inherent security risk.
I don't recall seeing a note to this effect in the aufs documentation...
guess it should be inserted in the next update.
It's true that auto-login is a security hazard, and our site's Madame
Security would probably frown on my using it. I'll see what I can do
about setting up a guest-ID that would have access only to the vanilla,
nonproprietary, available-to-all-users server-wide volume, which I'm right
now loading up with the contents of my PD/shareware diskette library
(15 megs or so).
--
Dave Platt VOICE: (415) 493-8805
USNAIL: Coherent Thought Inc. 3350 West Bayshore #205 Palo Alto CA 94303
UUCP: ...!{ames,sun,uunet}!coherent!dplatt DOMAIN: dplatt@coherent.com
INTERNET: coherent!dplatt@ames.arpa, ...@sun.com, ...@uunet.uu.net