Re: [Ltsp-discuss] rdesktop with GDM, by pass Win login?

Mon, 26 Jun 2006 14:32:11 -0700

Good to know, thank you very much.

On Mon, 2006-06-26 at 19:50 +0200, Anselm Martin Hoffmeister wrote: 
Am Montag, den 26.06.2006, 11:23 -0500 schrieb Scott Balneaves:
> On Mon, Jun 26, 2006 at 08:42:50AM -0600, Roy Souther wrote:
> > Has anyone been able to get rdesktop to by pass the Windows login by
> > handing it user name and password?
> 
> People use it, and it does work.
> 
> Howver, keep in mind that anyone who gets shell access can do a ps -ef
> and get:
> 
> someone 645763 3829 0 09:37 ?   00:00:00 rdesktop -u userid -p
> mysupersecretpasswordthatnowisn'tsosecretanymore

rdesktop allows the password to be "piped" into the command. As "echo"
is a shell internal in bash, it will not be shown in the process table.
Using cat is an option as well.

Example: If the user's password exists in cleartext
in /home/user/.passwd, the following command could be used:

cat /home/user/.passwd | rdesktop 172.16.0.13 -a 16 -f -k de -u user -p
- -d DOMAIN -s C:\\Programs\\MyApp\\MyApp.exe

Through some serious skripting this could also work if there is only a
root-accessible way of retrieving cleartext passwords. As far as I know,
there is no method to have password-less login without cleartext
passwords though.

HTH
Anselm

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Royce Souther
www.SiliconTao.com
Let Open Source help your business move beyond.

For security this message is digitally authenticated by GnuPG.



Attachment: signature.asc
Description: This is a digitally signed message part

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642

_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Reply via email to