Connecting from Windows 98 Machines

The Solution:

Either use one of the 3 other FacetWin "pass_security" options -- all 3 will work with Windows 98's no "plain text password" connection policy, or re-enable "plain text password" connection ability by adding the registry key as described below. See the "/usr/facetwin/facetwin.cfg" file for details about the "pass_security" configuration options.

What is the best approach to take?

That really depends upon the situation, available resources, security policy, etc.

If there is an NT Server that everyone logs into...

Then one of the easiest things to do is to have FacetWin use the NT Server for password authentication. This is done with the "pass_security=\\ntserver_name" option, where "ntserver_name" is replaced with the NetBIOS name of the NT Server. With this option, the Windows user names and passwords must match what the NT Server thinks and the user names must be valid UNIX user names.

If there are only a few Windows 98 machines...

The easiest approach may be to add the "EnablePlainTextPassword" registry key. Other systems (DOS, Windows 3.x, Windows 95, Macintosh w/DAVE) that are not having trouble connecting won't be affected by this and should continue to connect normally. One drawback to this approach is that you may have to re-add the registry key if you install other Service Releases and new Windows 98 machines will need the key.

If this is a "trusted" network environment...

Then using the "pass_security=RHOST" option might be the best approach. With this option, no passwords are sent across the network and the connecting PC is trusted to supply the user name used by the UNIX system for the connection. See the UNIX man pages on "rhosts" or "hosts.equiv" for details about how to implement this on the UNIX system. Usually it is just a matter of adding each PC hostname to the "/etc/hosts.equiv" file and perhaps also to a ".rhosts" file. The PC hostname will need to be resolvable by the UNIX system.

If none of the above options are practical...

Then using the "pass_security=LANMAN" option may be the best choice. With this option, a DES encrypted password table (separate from "/etc/passwd") is created and maintained with the "fct_encrypt" utility. See "man fct_encrypt" for implementation details. The Windows user passwords don't have to match the UNIX user passwords and are only authenticated against the encrypted password stored in the "fctpasswd" table. Passwords are encrypted with a special DES crypt key before being transmitted across the network.

To Enable "PlainTextPassword" Connections on Windows 98:

WARNING! Be very careful when using the registry editor. If used improperly the registry can easily become corrupted which may result in an unstable or unbootable system. Please be very careful when attempting this.

The registry can automatically be updated with this "w98.reg" file. It should be downloaded unmodified by your browser, and then double-clicked on to update your registry.

Or, you can manually add this key to your registry by:

1. Run Registry Editor (Regedit.exe).
   Start   |   Run   |   Open:     [ regedit     ]

   From the HKEY_LOCAL_MACHINE subtree, go to the following key:

   \system\currentcontrolset\Services\VxD\VNETSUP

   From the Edit menu, select new DWORD value.

   Change the name of the new key from "New Value #1" to "EnablePlainTextPassword".

   Modify the entry just added (go to the Edit menu and select Modify), to have the following value:

   Value data:         1

   Click OK and then quit the Registry Editor.

   Shut down and restart Windows 98.