Coda File System

Re: Invalid login (RPC2_NOTAUTHENTICATED (F)).

From: sébastien bombal <sebastien_at_bombal.org>
Date: Mon, 16 May 2005 22:00:29 +0200
Le Lundi 16 Mai 2005 21:12, Jan Harkes a écrit :
> On Mon, May 16, 2005 at 07:46:20PM +0200, sebastien_at_bombal.org wrote:
> > bulma:/vice/auth2# id codaroot
> > uid=1001(codaroot) gid=100(users) groups=100(users)
> >
> > Here some log of auth2 with -x 4
> >
> > 19:39:39 Server successfully started
> > 19:39:47        vid = 1001
> > 19:39:47 Authentication failed for "codaroot" from 192.168.23.9:32799
> >
> > The documentation I read, explain that auth2 uses PAM to get password. Is
> > it true ?
>
> No it does not, we keep our passwords separate from the system passwords.
>
> For one, normal Coda users typically are are not allowed to access the
> Coda server machines. Keeping the user/group and password databases 
> separate makes this simple. But we also don't totally trust the security 
> of the password exchange completely since we don't use strong
> cryptography, but just a simple (proof-of-concept) XOR scramble. 

Are there any reasons, to don't use something stronger ? After you could use 
PAM to get password from the system (from shadow, LDAP to radius ...).

> So it is better to be on the safe side by not using system passwords for 
Coda authentication.

:( it was a reason, why I want to evaluate coda for a distributed FS. But 
thank you for the information. 

So the only one authentification we can use for large deployment is kerberos ?

> The codaadmin/codaroot password is initially set to 'changeme'. This
> temporary password was shown during the vice-setup process after the
> admin user account was created.
>
> Jan

Thanks for your help, it's working.

Regards.

-- 
Sébastien BOMBAL  -  ALTIOR
Consultant Sécurité  -  06 80 85 81 97
Received on 2005-05-16 15:58:54