On 3/29/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Uhhh, what's the difference from FreeBSD's rc.conf and in this case!?
> The CARP passwords would be listed in rc.conf on a stock FreeBSD
> system, too... So I fail to see your point.
I believe he's talking about the remote sync password. Not much we can do about that one. CARP passwords aren't really meant to be secure (it's easy to spoof CARP packets), the admin password is hashed, IPsec shared secrets can't be hashed as we need to be able to reverse them (encrypting doesn't help, where would we store the decryption password?).

No, bottom line is that we need to protect the system itself, not the passwords (although, public/private keys may help on the sync'ing - again...patches accepted, that's not an easy task). What this all boils down to is that we have known limitations...as long as you are aware of them, you can protect against them (and if your firewall gets compromised, uhhh...the last thing I'd be worrying about is "tricking" it into handing over config.xml).

--Bill
