Linux Netatalk-HOWTO: Passwords
by Anders Brownworth
[anders@thehamptons.com] 		2.1.0
October 12, 1999
http://www.thehamptons.com/anders/netatalk/passwords.html
Download
Tips
Quick Start
Utilities
Contacts

Linux Netatalk-HOWTO
Passwords

Passwords that users enter into the chooser to log into your netatalk share need to be checked. On the Unix side of the fence, each netatalk user requesting access to your system has to have a valid account. (with a valid shell) If your system uses shadow passwords, you will need to compile shadow password support into netatalk so it can check passwords from your /etc/shadow file. (you know you have shadow passwords if lines in your /etc/passwd file have an "x" where the password should be and there is a /etc/shadow file read only by root listing the encrypted password. For example, if a line in the /etc/passwd file looks like this: 

 anders:x:1000:100:Anders Brownworth:/home/anders:/bin/tcsh

and you have a line that looks like this in your /etc/shadow file: 

 anders:tGPvqcO.yi3Ls:10778:0:99999:7:::

then you have shadow passwords.) To use shadow passwords, you will need to have netatalk compiled with -DSHADOWPW defined in the etc/afpd/Makefile in the CFLAGS section.

If you want to get "2-way Encrypted Passwords" working with netatalk, there are a few things you need to do. Because Apple's "2-way Encrypted Password" scheme requires that the server know the password in cleartext, existing /etc/passwd and /etc/shadow files will not do for authentication. After successfully compiling with DES support, you will need to give the server each netatalk user's password in cleartext by creating a file called ".passwd" in each netatalk user's home directory. This file should contain the user's password in cleartext, be owned and have read/write permission by the user, and have no read/write permissions for group or other. 

 -rw-------   1 anders   users           9 Mar 31 12:18 .passwd

The user will be able to change their password through the chooser if you leave this option enabled in afpd.conf. It is important to note, however, that the only password afpd will change is the cleartext one in the .passwd file and not the user's "real" unix password.

Origional document: [http://www.thehamptons.com/anders/netatalk/passwords.html]