[rancid] Re: unencrypted passwords in .cloginrc ...

Lance Vermilion rancid at gheek.net
Wed Nov 1 15:37:03 UTC 2006


On Tue, Oct 31, 2006 at 09:38:52PM -0800, William Yardley wrote:
> On Thu, Oct 26, 2006 at 11:42:12PM +0200, Arnold Nipper wrote:
> > On 26.10.2006 23:28 John Dworske wrote
> 
> > > Is there any way getting around using unencrypted passwords in the
> > > .cloginrc file ?  My co-workers will not let me use rancid unless we
> > > can come up with something more secure ?
> > 
> > "chmod 600 .cloginrc" is not secure enough?
> 
> I'm not exactly disagreeing with the sentiments expressed on the list,
> but just to play devil's advocate.... for one thing, some businesses
> have to deal with security checklists for various types of compliance,
> and often there are cookie cutter requirements like "no passwords for X
> type of device stored in cleartext". Now I think most people here would
> probably agree that filling out a checklist isn't going to make a
> network more or less secure, but the fact of the matter is that some
> corporations are more concerned about saying that they checked that box
> than about having actual security.
> 
> w

You could always pgp lock the file and keep the passphrase in some file
and then use that. That would justify it being secure. They just have
to find the file with the passphrase. Or you could do as I have done in
the past. Create a ... file (most people will always skip over the ...) or
create some file in the man directory like "/usr/share/man/man1/pine"
and keep the passphrase in either of those places.

This approach should reach your goal as well.

-- 

-Lance <rancid at gheek.net>
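
Added example, not part of the original thread or of RANCID: a shell function that checks the "chmod 600 .cloginrc" condition quoted above and extends it with symlink, ownership and parent-directory checks. The function name and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Audit the permissions of a RANCID .cloginrc file (added example).
# Return codes (constructed for this example):
#   0 ok                      1 missing or not a regular file
#   2 path is a symlink       3 not owned by the invoking user
#   4 group/other bits set    5 parent dir writable by group/other
# Usage: audit_cloginrc "$HOME/.cloginrc"

audit_cloginrc() {
    f=$1

    # Test for a symlink first: -f would follow it to the target.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink" >&2
        return 2
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "FAIL: $f is not owned by the current user" >&2
        return 3
    fi

    # First 10 characters of ls -l: file type plus rwx for user/group/other.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) ;;                      # 600/400/700: nothing for group/other
        *)  echo "FAIL: $f has mode $mode, expected -rw-------" >&2
            return 4 ;;
    esac

    # A group/other-writable parent lets another user replace the file.
    dir=$(dirname -- "$f")
    dmode=$(ls -ld -- "$dir" | cut -c1-10)
    case $dmode in
        d????-??-?) ;;                      # no group-write, no other-write
        *)  echo "FAIL: $dir has mode $dmode (writable by group or other)" >&2
            return 5 ;;
    esac

    echo "OK: $f ($mode) in $dir ($dmode)"
    return 0
}
```

The same function can be pointed at a passphrase file if the PGP approach is used, since that file then carries the same exposure as the cleartext .cloginrc.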
