very nice!
From: alltalk-avp@... [mailto:alltalk-avp@...] On Behalf Of Glen Kleidon
Sent: Friday, 9 November 2007 10:00 PM
To: alltalk-avp@...
Subject: RE: [alltalk-avp] Mac Clients
I am just about finished a brand new version of AllTalk for Java.
It includes:
+ CRAM-MD5 authentication. This will eliminate the problem your refer to.
+ All profiles can run from the same instance (but old method is still supported).
+ Support for Alltalk Native Encryption.
The AllTalk native password algorithm is based on mathematically complicated iterative process involving moderate sized Prime numbers. While it is a truely powerful method, it is susceptible to rounding differences on different platforms. The starting point for calculation is the Date but is also influenced by the users Key and username. So in answer to your second, Rodney, 2 profiles on the same machine are unlikely to suffer a failed login on the same day, although it is technically possible. The JRE sometimes rounds differently than Windows meaning that for an entire 24 hour period, a JRE calculates a different answer to the AllTalk server. It is not clear which OS is technically correct, and it doesnt really matter: the upshot is failed logins. This seems to average about once in every 100-200 days or so (so 2 profiles failing on the same day might happen once in every 27-109 Years on those numbers). I have noticed a slight increase in this kind of failure of late and it might be the date is at some critical crux. Some user keys seem also to have slightly higher failure rate.
So to eliminate the problem, the authentication protocol for both Windows and Java clients in the future will be CRAM MD5 authentication in preference to AllTalk Native. CRAM (AKA a HMAC), which is supported by many standard Mail servers and Instant Messaging services, is defined in RFC 2104 and is a sound, internationally recognised protocol. This authentication protocol has been supported on AllTalk Server since version 1 and is the method used by the Web interface and the ACI download process in the Profile Editor. AllTalk Native authentication, will still be supported for the few EQuery servers still in use.
ETA for the new beta Java client at least a few weeks.
Glen.
From: alltalk-avp@... [mailto:alltalk-avp@...] On Behalf Of rodneyebird
Sent: Friday, 9 November 2007 10:34 AM
To: alltalk-avp@...
Subject: [alltalk-avp] Mac Clients
Glen,
Having ongoing problems with Mac Clients (3 sites reported so far)
where they occasionally fail authentication and then don't download for
the rest of the day. They then pass authentication the next day and
scheduled downloads return to normal.
1. Is it possible to broaden the date/time match required in the
authentication process and would this reduce these failures?
2. If I install a second client on a different Mac, for manual
initiated downloads only (ie when the first client suffers the above
authentication problem), will it also fail authentication?
Rodney
| ********************************************************************** This email and any attachments are confidential. They may contain legally privileged information or copyright material. You should not read, copy, use or disclose them without authorisation. If you are not an intended recipient, please contact us at once by return email and then delete the original message and all copies. We do not accept liability in connection with computer virus, data corruption, delay, interruption, unauthorised access or unauthorised amendment. ********************************************************************** |
Offline 
Send Email