The NetWare password for rconsole is stored in the server memory and
is not encrypted. You can access it using the debugger, however, you
must have access to the console to load the debugger. Let's make the
assumption that the administrator doesn't know anything about security
and doesn't have the console locked. Then it is really simple to
access the password.
Most Novell sysadmins however would at least secure the console. I'm
not saying that this is any real thorough form of security but it is
at least something to add another layer before the password can be
gotten to.
Paul
----------
From:
Krauss .
SiemensAG @
t-online .
de[SMTP:Krauss .
SiemensAG @
t-online .
de]
Sent: Tuesday, October 29, 1996 11:13 PM
To: Mark_W_Loveless @
smtp .
bnr .
com
Cc: Firewalls @
GreatCircle .
COM
Subject: Re: NETWARE SECURITY/REMOTE LOGINS
>...
>The passwords are stored encrypted on the server, BTW.
>
>Mark
Are you really sure that the _rconsole_ password is stored encrypted
in
the memory of the server (in opposit to an user password which is
stored
somewhere in the bindery or NDS). I think I read an article where is
was
described that by using the system debugger you are able to read the
rconsole password from the server memory right away (NetWare 3.x and
4.x).
Sorry, but what did you mean with "the last 2600" (I guess some
magazine
or digest?).
Dietmar
--
+-------------------------------------------------------------------+
| Krauss .
SiemensAG @
t-online .
de |
| Dietmar Krauss |
| Consulting Communication |
| Siemens AG, Germany (www.siemens.de/pn) |
+-------------------------------------------------------------------+
|
|
