i was fortunate that the morons i had to deal with wouldn't know the
difference between a packet sniffer and a box of paper clips.
dave
Charles L. Getty wrote:
>
> The Rconsole password also crosses the network in plain text. Any moron with a packet sniffer can get this password!!! If you are going to load remote, LOCK YOUR CONSOLE!!!
>
> -----Original Message-----
> From: Dave Sroelov [SMTP:dsroelov @
pacbell .
net]
> Sent: Wednesday, October 30, 1996 8:22 PM
> To: Davyd Norris
> Cc: Firewalls @
GreatCircle .
COM
> Subject: Re: NETWARE SECURITY/REMOTE LOGINS
>
> i don't remember exactly where i saw this, but there is either a patch
> or a newer version of rconsole that lets you specify the password once
> and then remembers it. a couple of years ago i ran into the problem and
> absolutely refused to put the plain text password in the autoexec.ncf
> file. more than likely i found it on the novell ftp site or the novell
> web site.
>
> good hunting.
>
> dave
>
> Davyd Norris wrote:
> >
> > The NetWare RCONSOLE password is stored as plain text on the load line
> > of the RCONSOLE NLM. Anyone with access to the server can load the
> > startup (text) files to find it. If the server console is locked, you
> > just have to reboot the server, crash to DOS and read it from there in
> > the NWSERVER directory.
> >
> > This is a great reason to NOT use RCONSOLE, or to password protect your
> > server console, and to create an RCONSOLE user with limited ability.
> >
> > DONT EVER USE THE Admin PASSWORD FOR RCONSOLE!!!
> >
> > Regards,
> > Dave.
> > --
> > Davyd Norris - Systems Manager
> > Franklin Collins Pty. Ltd.
> > Melbourne, Australia.
> > http://www.fcollins.com.au/
References:
|
|
