AppleShare Authentication
The most important task to be accomplished between the client and server using the AppleShare protocol is authentication. How is the server to know that the user can be trusted to perform operations on files and folders? What if the user is attempting to connect to a non-Apple file server that supports a unique authentication standard?
On connecting to any AppleShare service on any server, the first thing the client does is try to determine what method of authentication the server supports. Can an Apple protocol be used? What about Kerberos, or the Microsoft authentication protocol? If the server supports more than one authentication method, the user is asked to choose one. The exception is the plain-text method. If the server and client don't have compatible authentication software installed, a username and password can be exchanged via plain text, if the server has been allowed to support it. However, if any more secure method is available, the plain-text option won't be given.
Because various software vendors sell servers that support AppleShare IP, clients need to be able to add authentication methods. Recent versions of AppleShare support user authentication modules, which are simple plug-ins that add authentication methods to a client.
The most common plug-in is the Microsoft UAM, required to connect to Windows 2000 and 2003 servers. This software comes with the server and is also available for download from Microsoft's support website. This module allows AppleShare IP clients to use Microsoft's native Windows authentication protocol, allowing administrators to provide enhanced security by using SMB services with packet signing turned on, as well as providing secure access to Macintosh clients.