The Rconsole password also crosses the network in plain text. Any moron with a packet sniffer can get this password!!! If you are going to load remote, LOCK YOUR CONSOLE!!!
From: Dave Sroelov [SMTP:dsroelov @
Sent: Wednesday, October 30, 1996 8:22 PM
To: Davyd Norris
Cc: Firewalls @
Subject: Re: NETWARE SECURITY/REMOTE LOGINS
i don't remember exactly where i saw this, but there is either a patch
or a newer version of rconsole that lets you specify the password once
and then remembers it. a couple of years ago i ran into the problem and
absolutely refused to put the plain text password in the autoexec.ncf
file. more than likely i found it on the novell ftp site or the novell
Davyd Norris wrote:
> The NetWare RCONSOLE password is stored as plain text on the load line
> of the RCONSOLE NLM. Anyone with access to the server can load the
> startup (text) files to find it. If the server console is locked, you
> just have to reboot the server, crash to DOS and read it from there in
> the NWSERVER directory.
> This is a great reason to NOT use RCONSOLE, or to password protect your
> server console, and to create an RCONSOLE user with limited ability.
> DONT EVER USE THE Admin PASSWORD FOR RCONSOLE!!!
> Davyd Norris - Systems Manager
> Franklin Collins Pty. Ltd.
> Melbourne, Australia.