mirror of https://github.com/mabam/CAP.git
102 lines
3.0 KiB
C
102 lines
3.0 KiB
C
/*
|
|
* $Author: djh $ $Date: 1995/06/20 03:27:33 $
|
|
* $Header: /mac/src/cap60/netat/RCS/afppass.h,v 2.1 1995/06/20 03:27:33 djh Rel djh $
|
|
* $Revision: 2.1 $
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* AUFS Distributed Passwords
|
|
*
|
|
* Copyright 1995 - The University of Melbourne. All rights reserved.
|
|
* May be used only for CAP/AUFS authentication. Any other use
|
|
* requires prior permission in writing from the copyright owner.
|
|
*
|
|
* djh@munnari.OZ.AU
|
|
* June 1995
|
|
*
|
|
* afppass.h - AUFS Distributed Password defines.
|
|
*
|
|
* User passwords are normally stored in ~user/.afppass in DES encrypted
|
|
* form. This file also contains values for password expiry date, minimum
|
|
* password length, maximum failed login attempts and number of failed
|
|
* login attempts.
|
|
*
|
|
* For greater security, the file must be owned by the user and be set to
|
|
* mode AFP_DISTPW_MODE (usually 0600 or -rw-------), if this is not the
|
|
* case, the file is deleted.
|
|
*
|
|
* The decryption key is stored in a global afppass (defaults to the
|
|
* file /usr/local/lib/cap/afppass) which also contains default values
|
|
* for expiry date, minimum password length and maximum failed attempts.
|
|
* If this file is not owned by root and mode 0600 it will be removed.
|
|
*
|
|
* Notes:
|
|
* 1. In the case of user home directories mounted via NFS, the files must
|
|
* be set to mode 0644 (since root cannot read mode 0600 files on remote
|
|
* filesystems). You can change the mode using the define
|
|
* -DAFP_DISTPW_MODE=0644
|
|
*
|
|
* 2. If you prefer to keep the .afppass files centrally, you can define
|
|
* the path using the define -DAFP_DISTPW_PATH=\"/usr/local/lib/cap/upw\"
|
|
*
|
|
* 3. The decryption key for the global afppass is defined by AFP_DIST_PASS
|
|
* Should be localized for each site, using -DAFP_DIST_PASS=\"password\".
|
|
*
|
|
* 4. AFP passwords can only be changed by the user with the AppleShare
|
|
* workstation client or by the UNIX superuser using aufsmkusr.
|
|
*
|
|
* 5. User AFP passwords MUST NOT be identical to UNIX login passwords,
|
|
* this restriction is enforced by the library routines.
|
|
*
|
|
*/
|
|
|
|
#define KEYSIZE 8
|
|
#define MINKEYSIZE 6
|
|
#define AFPPDSIZE 34
|
|
|
|
struct afppass {
|
|
u_char afp_magic; /* magic for sanity checking */
|
|
#define AFPDP_MAGIC 79
|
|
u_char afp_minmpwlen; /* mininum password length */
|
|
u_char afp_maxattempt; /* maximum failed login attempts */
|
|
u_char afp_numattempt; /* count of attempts to date */
|
|
time_t afp_expires; /* date password expires */
|
|
u_char afp_password[10]; /* current user password */
|
|
};
|
|
|
|
/*
|
|
* Gobal key. Should be localized by each site.
|
|
*
|
|
*/
|
|
|
|
#ifndef AFP_DISTPW_PASS
|
|
#define AFP_DISTPW_PASS "%-[&'*!~"
|
|
#endif AFP_DISTPW_PASS
|
|
|
|
/*
|
|
* Misc files & permission.
|
|
*
|
|
*/
|
|
|
|
#ifndef AFP_DISTPW_FILE
|
|
#define AFP_DISTPW_FILE "/usr/local/lib/cap/afppass"
|
|
#endif AFP_DISTPW_FILE
|
|
|
|
#ifndef AFP_DISTPW_USER
|
|
#define AFP_DISTPW_USER ".afppass"
|
|
#endif AFP_DISTPW_USER
|
|
|
|
#ifndef AFP_DISTPW_MODE
|
|
#define AFP_DISTPW_MODE 0600
|
|
#endif AFP_DISTPW_MODE
|
|
|
|
/*
|
|
* Misc numbers.
|
|
*
|
|
*/
|
|
|
|
#define SECS_IN_DAY 24*60*60
|
|
#define SECS_IN_MON 30*24*60*60
|
|
#define SECS_10_YRS 10*365*24*60*60
|