Comment 37 for bug 26452

... however, dhx2 doesn't work with Mac OS 9 clients. 'cleartext' auth doesn't support password lengths > 8 chars, so if you have a users with longer passwords they'll be locked out.

Those of us unfortunate enough to be supporting such dinosaurs can get NetATalk to build against OpenSSL quite easily thanks to the thoughtful package maintainers. Just:

$ cd debtmp
$ mkdir debtmp
$ apt-get source netatalk
$ apt-get install libcups2-dev
$ apt-get build-dep netatalk
$ cd netatalk-2.0.4~beta2
$ DEB_BUILD_OPTIONS=openssl fakeroot debian/rules binary
$ sudo dpkg -i ../netatalk_2.0.4~beta2-5ubuntu2_i386.deb

(Versions may need adapting as appropriate).

This rebuilds NetATalk against OpenSSL, restoring the uams_dhx_pam and uams_dhx_randnum modules.