On Sun, Oct 28, 2007 at 02:30:38PM -0700, Kenneth Porter wrote:
> --On Saturday, October 27, 2007 9:16 PM -0700 Craig Barratt
> <[EMAIL PROTECTED]> wrote:
>
> >> Check this page on the wiki
> >>
> >> http://backuppc.wiki.sourceforge.net/brokensambaversion
> >
> > I'm not sure this is exactly the same issue that was being
> > asked about, but this is a great way to respond to a repeated
> > question! Thanks for adding it to the Wiki.
>
> Whoa, that sounds like exactly what's going on. And thanks, indeed, for
> wikifying it!
>
> I'll have to file this in the CentOS bug tracker so others will be aware of
> it. This looks to me like good cause for an upgrade at the distro level. I
> think it counts as a security issue, since it otherwise forces users to
> pass passwords in cleartext.
Correct me if I am wrong, but the clear text you are referring to is
the password on the smbclient command line right? The PASSWD
environment variable is just as insecure. Try
ps -auxwwe
on any linux box. So there is really no security issue here, a
knowledgable user will find the password regardless.
There are two ways around this, use the -A authfile credentials's
file, or an expect script to provide the password.
--
-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
BackupPC-users mailing list
[email protected]
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
