5.3.14 Configuring Security

Follow these steps to configure AppleTalk file authentication:

1. Follow these links:

   AppleTalk Realm->Manage File Services

   The List of AppleTalk File Services screen appears.

2. From the list, select a file service for which you want to configure authentication.

3. Click Administer.

   The AppleTalk File Service servicename screen appears.

4. Click Authentication and Service Mode Options.

   The Update Local Authentication for servicename screen appears:

   

5. Select or enter values for the following attributes, as needed:

   • Password encryption -- The option to keep passwords from transmitting across the network. Without password encryption, any UNIX user can potentially connect to the server. In this open authentication environment, client and server exchange clear-text passwords. Password encryption, the secure authentication method, provides improved security, but you must maintain a separate user-password database for it. When you enable password encryption and secure authentication, only users added via Passwords can connect. With secure authentication, client and server exchange a series of messages that allows the server to verify that the client knows the correct password, without transmitting the password or any representation of it. Most AppleTalk-compatible clients support password encryption.

   • Username map -- The option to allow file services to validate clients by mapping them to valid UNIX users. You must define username maps before selecting this option (see "4.2 Administering Username Maps").

   • Allow null passwords -- The option to allow UNIX users without passwords to access the server. By default, TAS denies such users access to the server, for better security. This option has no effect if you enable Password encryption.

   • User restrictions -- The option to restrict the users who can connect to this service. Select it by selecting either Allow or Deny and the names of the users in the adjacent Users field. If you enter no user names, TAS ignores this attribute. Separate user names with commas.

   • User name for guest login -- The name assigned to LM-NT-OS/2 share-mode clients for accessing the AppleTalk realm.

   • Allow clients to save passwords -- The option to allow clients to save their passwords on the server.

   • Allow clients to change passwords -- The option to allow clients to change their server passwords.

6. Click Submit.

   The Update Local Authentication for servicename screen appears.

7. Click OK.

   To configure security from the UNIX command line, use the tnservice command.