Saving password feature for net rpc console utils.
andrux0id
adriano32.gnu at gmail.com
Tue Jan 31 07:19:14 MST 2012
Hello, samba-technical!
I need your advice and some kind of consultation.
I often use different net rpc commands from the Linux console to do
certain things on Windows PCs: monitoring launched services, checking
registry entries and so on.
It is embarrassing for me to enter the password for each command
separately, but I don't want to pass passwords as a command-line option
(when it is possible), because it is unacceptable for security reasons
(everyone can see the parameters through /proc).
So I want to have some convenience: to be able to save a user's login and
their password for a certain Windows host on the Linux PC in RAM for
a single net rpc session and execute a series of commands on the remote
host, entering the logon credentials only once, at the net rpc
launch and until the quit command or ^D.
So my questions are:
1. Maybe this feature (like it works in `net shell' for limited
functions) already exists and I simply don't know about it. If it exists,
please point me to it.
2. Is the protocol that is used for net rpc authentication INsecure
enough not to worry about obfuscating the password which is stored in
memory?
For example, based on the libpurple developers' explanation of why
they store saved passwords in a plaintext config file
(http://developer.pidgin.im/wiki/PlainTextPasswords) and Sherri
Davidoff's exploration of Linux utilities which handle passwords in
memory in an insecure way
(http://philosecurity.org/pubs/davidoff-clearmem-linux.pdf), this idea
applies to not-so-secure protocols (like ICQ maybe) with leaky
authentication which can be simply compromised by sniffing packets on
the wire and decrypting what was sniffed, so storing an encrypted password is
unnecessary because the password can be stolen after decryption at
another stage.
3. And the final question: what is your opinion about implementing
this feature:
a) this feature is under development
b) it will be useful, patches are welcome
c) it is unnecessary for the samba console tools for now, and if I need it I
should implement some kind of wrapper myself
d) this feature is incompatible with the authentication protocol or
principles in some way
Thank you in advance for comments, advice, RTFMs and pointers to the
samba code which I should look at to understand if my questions were stupid :)
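
The /proc exposure the message describes can be audited on one's own host. The following is an added example, not part of the original post or of Samba's code: it parses `/proc/<pid>/cmdline` blobs and reports processes that carry an inline `-U user%password` argument, without echoing the password. The host name `winhost` and the credentials in the samples are constructed.

```python
from __future__ import annotations
import glob

# Samba client tools accept "-U user%password" / "--user=user%password".
USER_FLAGS = ("-U", "--user")

def parse_cmdline(raw: bytes) -> list[str]:
    """Split a /proc/<pid>/cmdline blob (NUL-separated argv) into strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_user(argv: list[str]) -> str | None:
    """Return the user name if argv carries an inline user%password, else None."""
    for i, arg in enumerate(argv):
        value = None
        if arg in USER_FLAGS and i + 1 < len(argv):
            value = argv[i + 1]                # -U user%pass
        elif arg.startswith("--user="):
            value = arg.split("=", 1)[1]       # --user=user%pass
        elif arg.startswith("-U") and len(arg) > 2:
            value = arg[2:]                    # -Uuser%pass
        if value and "%" in value:
            user, password = value.split("%", 1)
            if password:
                return user                    # never echo the password itself
    return None

def scan_proc(pattern: str = "/proc/[0-9]*/cmdline") -> list[tuple[str, str]]:
    """Return (pid, user) for every readable process exposing a password."""
    hits = []
    for path in glob.glob(pattern):
        try:
            with open(path, "rb") as fh:
                user = exposed_user(parse_cmdline(fh.read()))
        except OSError:                        # process exited or access denied
            continue
        if user is not None:
            hits.append((path.split("/")[2], user))
    return hits

# Constructed sample blobs, in the NUL-separated format the kernel exposes.
SAMPLES = [
    b"net\0rpc\0service\0list\0-S\0winhost\0-U\0admin%S3cret\0",
    b"net\0rpc\0service\0list\0-S\0winhost\0-U\0admin\0",
]

if __name__ == "__main__":
    for blob in SAMPLES:
        print(parse_cmdline(blob)[:3], "->", exposed_user(parse_cmdline(blob)))
    print(scan_proc())
```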