Книга: Linux Network Administrator Guide, Second Edition

Hiding Your NetWare Login Password

Hiding Your NetWare Login Password

It is somewhat of a security risk to be putting a password on the command line, as we did with the ncpmount command. Other active, concurrent users could see the password if they happen to be running a program like top or ps. To reduce the risk of others seeing and stealing NetWare login passwords, ncpmount is able to read certain details from a file in a user's home directory. In this file, the user keeps the login name and password associated with each of the fileservers he or she intends to mount. The file is called ~/.nwclient and it must have permissions of 0600 to ensure that others cannot read it. If the permissions are not correct, the ncpmount command will refuse to use it.

The file has a very simple syntax. Any lines beginning with a # character are treated as comments and ignored. The remainder of the lines have the syntax:

fileserver/userid password

The fileserver is the name of the fileserver supporting the volumes you wish to mount. The userid is the login name of your account on that server. The password field is optional. If it is not supplied, the ncpmount command prompts users for the password when they attempt the mount. If the password field is specified as the - character, no password is used; this is equivalent to the -n command-line argument.

You can supply any number of entries, but the fileserver field must be unique. The first fileserver entry has special significance. The ncpmount command uses the -S command-line argument to determine which of the entries in ~/.nwclient to use. If no server is specified using the -S argument, the first server entry in ~/.nwclient is assumed, and is treated as your preferred server. You should place the fileserver you mount most frequently in the first position in the file.

Оглавление книги