hmm - i have the same password on possibly thousands of boxes. i'll
have to get the NIS+ admins on that pronto.
On May 24, 2005, at 10:20 AM, Jima wrote:
> On Tue, 24 May 2005, Brock Noland wrote:
>
>> I work for a large corporation and there is about 2200 boxes in my
>> environment alone. Since I don't work for the UNIX team I cannot
>> install things on the boxes, because I am just a user. This includes
>> keys for authentication. The password will NOT be stored in the
>> script.
>>
>
> Okay, that's somewhat better. I have some reservations about how
> long
> the password is held in memory plaintext by the script (I can't
> imagine
> ssh holds it as such for any longer than it must), but I suppose
> that's a
> fairly minimal risk.
>
>
>> I am writing some scripts for my own personal use that I want to be
>> able to go out to say 400 boxes and then run some command. Since I
>> have the same username and password, I plan on writing a script which
>> asks for them once and then stores them, in a variable - only
>> temporarily, for all of the boxes.
>>
>
> Wait. The wording of that suggests the password is the same on 400
> machines. THAT I consider a huge security risk. I have a hard time
> believing I'm the only one.
{snipped - misc. signatures}
--
steve ulrich sulrich at botwerks.org
PGP: 8D0B 0EE9 E700 A6CF ABA7 AE5F 4FD4 07C9 133B FAFC