Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!att!pacbell.com!ames!excelan!bdelvecc From: bdelvecc@kinetics.com (Brian Del Vecchio) Newsgroups: comp.sys.novell Subject: Re: Auto backups to tape Summary: supervisor password Message-ID: <2542@excelan.COM> Date: 28 Dec 90 21:27:40 GMT References: <826@macuni.mqcc.mq.oz> <1990Dec6.053018.17389@qiclab.uucp> Sender: news@excelan.COM Organization: Novell, Walnut Creek CA. Lines: 31 In article , masinter@parc.xerox.com (Larry Masinter) writes: > Are the novell protocols secure enough that someone couldn't just tap > into your net and just watch for packets with the supervisor's > password? NetWare now encrypts all passwords on the wire, to avoid exactly this problem. The workstation asks the server for an encryption key, then encrypts the password and sends it in encrypted form across the wire. A capture of the packet containing the password would not be valid for a second login attempt from another workstation, since the login key is different each time. This encrypted password feature is available in file servers starting at 2.15 (maybe a little earlier, but definitely not 2.0), and in DOS workstation shells (net#.com) and utilities (login.exe, attach.exe, etc) on or around 3.0. I am a little unclear about which version of the software first had this feature. The default configuration for a 3.x server is to deny unencrypted logins. When this happens, you get this message on the console: "Station attempted to use an unencrypted password call." It is possible to configure the 3.x server to allow unencrypted logins, but the wiser choice is to upgrade the utilities on all servers to match the 3.x server. At least, that's what the install manual recommends. [----------------------------------------------------------------------------] brian del vecchio; software engineer; novell, inc.; walnut creek, ca, usa; "But for what purpose was the earth formed?" asked Candide. "To drive us mad," replied Martin. - Voltaire, _Candide_ [---the opinions expressed are mine...the official Big Red Word may differ---]