The Rconsole password also crosses the network in plain text. Any moron with a packet sniffer can get this password!!! If you are going to load remote, LOCK YOUR CONSOLE!!!
-----Original Message-----
From: Dave Sroelov [SMTP:dsroelov @
pacbell .
net]
Sent: Wednesday, October 30, 1996 8:22 PM
To: Davyd Norris
Cc: Firewalls @
GreatCircle .
COM
Subject: Re: NETWARE SECURITY/REMOTE LOGINS
i don't remember exactly where i saw this, but there is either a patch
or a newer version of rconsole that lets you specify the password once
and then remembers it. a couple of years ago i ran into the problem and
absolutely refused to put the plain text password in the autoexec.ncf
file. more than likely i found it on the novell ftp site or the novell
web site.
good hunting.
dave
Davyd Norris wrote:
>
> The NetWare RCONSOLE password is stored as plain text on the load line
> of the RCONSOLE NLM. Anyone with access to the server can load the
> startup (text) files to find it. If the server console is locked, you
> just have to reboot the server, crash to DOS and read it from there in
> the NWSERVER directory.
>
> This is a great reason to NOT use RCONSOLE, or to password protect your
> server console, and to create an RCONSOLE user with limited ability.
>
> DONT EVER USE THE Admin PASSWORD FOR RCONSOLE!!!
>
> Regards,
> Dave.
> --
> Davyd Norris - Systems Manager
> Franklin Collins Pty. Ltd.
> Melbourne, Australia.
> http://www.fcollins.com.au/
Follow-Ups:
|
|
