home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.20000217-20000824
/
000278_news@columbia.edu _Thu May 4 09:37:09 2000.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
3KB
Return-Path: <news@columbia.edu>
Received: from watsun.cc.columbia.edu (watsun.cc.columbia.edu [128.59.39.2])
by fozimane.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id JAA11071
for <kermit.misc@cpunix.cc.columbia.edu>; Thu, 4 May 2000 09:37:08 -0400 (EDT)
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by watsun.cc.columbia.edu (8.8.5/8.8.5) with ESMTP id JAA03175
for <kermit.misc@watsun.cc.columbia.edu>; Thu, 4 May 2000 09:37:08 -0400 (EDT)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id JAA04530
for kermit.misc@watsun.cc.columbia.edu; Thu, 4 May 2000 09:20:30 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: jaltman@columbia.edu (Jeffrey Altman)
Subject: Re: kermit code to parse .authinfo files?
Date: 4 May 2000 13:20:28 GMT
Organization: Columbia University
Message-ID: <8ertes$4df$1@newsmaster.cc.columbia.edu>
To: kermit.misc@columbia.edu
In article <jqazoq6cx01.fsf@msdw.com>,
Russell McManus <russell.mcmanus@msdw.com> wrote:
:
: Does anyone have a snippet of Kermit code they would be willing to
: share to parse .authinfo files? These files are used to store
: passwords in home directories. As such, they are not the most secure
: thing going, but as long as the .authinfo file is owner-only
: permissions, it's not quite as bad.
:
: A .authinfo file looks like this:
:
: machine freddy.blah.com login russe password s0mepassw0rd
: machine pubdiscuss.blah.com login russe password s0mepassw0rd
: machine usenet.blah.com login russe password s0mepassw0rd
:
This can easily be done using the \Fsplit() function:
\fsplit(s1,&a,s2,s3) - Assign string words to an array.
s1 = String
&a = array designator
s2 = optional break set.
s3 = optional include set.
Break and include sets are as in \fword().
All arguments are optional. If \&a[] not declared, it is created.
Returns integer:
Number of words assigned.
But lets talk about the security of these files. Clearly these
files are not secure if anyone other than the user is able to read
them other than the owner. But what about 'root'?
If the machine is hacked, then all the passwords in .authinfo are captured
by the hacker. This is different than regular password files which only
store the end result of some computation.
What about if the home directories are stored on a file system mounted
by NFS? Every time the file is read it will be transmitted across the
network as clear text. Again, all of the passwords are now publicly
available.
These files are dangerous and should not be used.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org