hmm - i have the same password on possibly thousands of boxes.  i'll  
have to get the NIS+ admins on that pronto.


On May 24, 2005, at 10:20 AM, Jima wrote:

> On Tue, 24 May 2005, Brock Noland wrote:
>
>> I work for a large corporation and there is about 2200 boxes in my
>> environment alone. Since I don't work for the UNIX team I cannot
>> install things on the boxes, because I am just a user. This includes
>> keys for authentication. The password will NOT be stored in the
>> script.
>>
>
>  Okay, that's somewhat better.  I have some reservations about how  
> long
> the password is held in memory plaintext by the script (I can't  
> imagine
> ssh holds it as such for any longer than it must), but I suppose  
> that's a
> fairly minimal risk.
>
>
>> I am writing some scripts for my own personal use that I want to be
>> able to go out to say 400 boxes and then run some command. Since I
>> have the same username and password, I plan on writing a script which
>> asks for them once and then stores them, in a variable - only
>> temporarily, for all of the boxes.
>>
>
>  Wait.  The wording of that suggests the password is the same on 400
> machines.  THAT I consider a huge security risk.  I have a hard time
> believing I'm the only one.

{snipped - misc. signatures}

-- 
steve ulrich                       sulrich at botwerks.org
PGP: 8D0B 0EE9 E700 A6CF ABA7  AE5F 4FD4 07C9 133B FAFC