>NetWare version 3.11 does not have a cleartext password file as you >stated on the bugtraq list, but rather, it keeps a secure hash of the >password in the Bindery. Physical access to the server would be >required to obtain the hashed values. Ok that may be true but my statement arose from a bored afternoon of using less(1) on some of the files in \SYSTEM (NET$SYS I think) and seeing users and what was obviously clear text passwords in a relatively close proximity to the username... maybe garbage memory, but still all the users were there. The caveat is I needed to be supervisor to read the file.. :) Cheers, Mark