AppleShare: AFP User Authentication Methods


TOPIC -----------------------------------------

In a test I did using Peek over the AppleShare network, I was able to
identify both my name and password. Why?

DISCUSSION ------------------------------------

There are three defined user authentication methods available to AFP
servers and workstations. The workstation indicates its choice of user
authentication method (UAM) by giving the server a UAM string.

1) No user authentication: This method needs no specification. No user
name or password information is required in the FPLogin call. The
corresponding UAM string is 'No User Authent'. An example of this
would be to log on as a guest.

2) Cleartext password: This method uses the UAM string of
'Cleartxt Passwrd'. The password is transmitted as clear text and is
not encoded in any way. The User Info part of the FPLogin call
consists of the user name followed by the user's password.

3) Random number exchange: This method is best used when a network is
not secure from eavesdropping. This method uses the UAM string of
'Randnum Exchange'. If this method is not supported by the AFP
server, the workstation will use the Cleartext password UAM. This is
the method used by Apple workstation software when accessing an
AppleShare file server.

The Apple workstation software uses the FPGetSrvrInfo call to find out
which UAMs the server supports, and from that determines which password
UAM should be used. To see which password UAM a server supports, use the
AppleShare Chooser item and select a server. Next to the password field
you will see either '(Scrambled)' or '(Clear text)'. If you see
'(Clear text)', it means that the AFP server does not support the Random
number exchange UAM.
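
The check below is an added example, not Apple's code: it reads the UAM
string out of an FPLogin request and reports whether that login exposes
the password, without decoding the password bytes. The command code 18,
the Pascal-string layout (AFP version, then UAM, then User Info) and the
'AFPVersion 2.1' string are assumptions taken from the AFP specification,
not from this article; the sample payloads are constructed.

```python
FP_LOGIN = 18  # FPLogin command code (assumed from the AFP spec, not on the page)

# UAM strings quoted on the page -> does the password cross the wire readable?
UAM_EXPOSES_PASSWORD = {
    "No User Authent": False,
    "Cleartxt Passwrd": True,
    "Randnum Exchange": False,
}

def read_pstring(buf, off):
    """Read a Pascal string (length byte, then bytes); return (text, next offset)."""
    if off >= len(buf):
        raise ValueError("truncated: missing length byte")
    end = off + 1 + buf[off]
    if end > len(buf):
        raise ValueError("truncated: string runs past end of payload")
    return buf[off + 1:end].decode("mac_roman"), end

def audit_fplogin(payload):
    """Classify one FPLogin request. Password bytes are never decoded."""
    if not payload or payload[0] != FP_LOGIN:
        return None  # not an FPLogin request
    version, off = read_pstring(payload, 1)
    uam, off = read_pstring(payload, off)
    if uam not in UAM_EXPOSES_PASSWORD:
        return {"version": version, "uam": uam, "user": None, "finding": "unknown UAM"}
    user = None
    if uam != "No User Authent" and off < len(payload):
        user, off = read_pstring(payload, off)  # User Info starts with the user name
    finding = ("password sent in clear text" if UAM_EXPOSES_PASSWORD[uam]
               else "no readable password in this request")
    return {"version": version, "uam": uam, "user": user, "finding": finding}

def pstr(text):
    raw = text.encode("mac_roman")
    return bytes([len(raw)]) + raw

# Constructed sample payloads (not captured traffic); the password field is a placeholder.
HEAD = bytes([FP_LOGIN]) + pstr("AFPVersion 2.1")
SAMPLES = {
    "guest": HEAD + pstr("No User Authent"),
    "clear": HEAD + pstr("Cleartxt Passwrd") + pstr("alice") + b"\x00" + b"X" * 8,
    "randnum": HEAD + pstr("Randnum Exchange") + pstr("alice"),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, audit_fplogin(payload))
```

Run over FPLogin payloads exported from a capture, any result with
'password sent in clear text' identifies a server or workstation that
fell back to the Cleartext password UAM.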


Published Date: Feb 18, 2012