On Sat, 16 Sep 2006 12:12:33 -0700, Mark Crispin
<mrc@CAC.Washington.EDU> wrote:

>On Sat, 16 Sep 2006, John Kelly wrote:

>> From the standpoint of permissions management and control, much worse
>> than crontabs.

>It all depends upon the script. The one that I used prompted for the
>password, and then used it as it ran the commands in the script. The
>password was only stored in the expect process' memory, and vanished when
>that process vanished.

To avoid user interactivity, the password must be stored somewhere on
disk, otherwise, we are back at square one, and the user must manually
enter the password. I wanted full automation, including entry of the
password.


>I stopped using it once I had Kerberos deployed. Kerberos does not have
>password in the clear on client or server. It is true that the KDC has to
>be secured, but it's much easier to secure one machine than it is to
>secure all the clients and servers. I wish that Kerberos was more widely
>used.

I have no time to learn Kerberos. I'm too busy grubbing for labor
saving scripts ...