On Sat, 16 Sep 2006, John Kelly wrote:
>> An expect script is pretty bad too...
> From the standpoint of permissions management and control, much worse
> than crontabs.
It all depends upon the script. The one that I used prompted for the
password, and then used it as it ran the commands in the script. The
password was only stored in the expect process' memory, and vanished when
that process vanished. Although arguably the password might have shown
up in the swap area of the disk, that's still better than in some file.
I stopped using it once I had Kerberos deployed. Kerberos does not have
passwords in the clear on client or server. It is true that the KDC has to
be secured, but it's much easier to secure one machine than it is to
secure all the clients and servers. I wish that Kerberos was more widely
used.
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.