Netatalk

From FGWiki
Jump to: navigation, search

Making netatalk use SSL for passwords

The netatalk package provides file and print sharing services for Macintosh computers using Apple's native AFP protocol.

The Debian and Ubuntu packages are not compiled with SSL support due to a licensing issue with OpenSSL. This leaves cleartext passwords as the only available way to authenticate out of the box.

Fortunately it is possible to compile the package locally to enable support for encrypted password exchanges. Debian makes it easy to build a package.

sudo apt-get build-dep netatalk
sudo apt-get install libssl-dev cracklib2-dev
apt-get source netatalk"

set DEB_BUILD_OPTIONS=ssl under "DEB_UPDATE_RCD_PARAMS := defaults 50" in the debian/rules file beneath (Create the line if it doesn't exist)

dpkg-buildpackage 

When dpkg-buildpackage goes on, you see the ./configure line passing by. If you edited debian/rules properly, it should say --with-ssl-dir almost at the end of that line.

Get a cup of coffee.

sudo dpkg -i netatalk_<version>_<arch>.deb

Check /usr/lib/netatalk again; there should be a uams_dhx.so now.

Add this line to /etc/netatalk/afpd.conf at the very bottom:

- -transall -uamlist uams_dhx.so -nosavepassword

To prevent apt from upgrading the package automatically, run the following command:

echo "netatalk hold" | dpkg --set-selections

If you need to cancel the hold, you can use this command:

echo "netatalk install" | dpkg --set-selections

~Thanks to sim, and Lammert Hellinga