Xref: utzoo comp.protocols.tcp-ip:10530 comp.unix.questions:20545 comp.unix.wizards:20962
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!snorkelwacker!mit-eddie!shawn
From: shawn@eddie.mit.edu (Shawn F. Mckay)
Newsgroups: comp.protocols.tcp-ip,comp.unix.questions,comp.unix.wizards
Subject: Re: .netrc
Message-ID: <1990Mar10.143413.16539@eddie.mit.edu>
Date: 10 Mar 90 14:34:13 GMT
References: <45473@lanl.gov>
Distribution: usa
Organization: MIT
Lines: 32

From article <45473@lanl.gov>, by ddk@lanl.gov (David D Kaas):
> 
> 
> 	At our site we have a CRAY and several dozen UNIX workstations.
> We are looking at ways of doing un-atteneded file transfers during off
> hours.  We have started using ftp with .netrc files.  We do have outside
> access to our network.  Now the question, is this considered a security
> problem?  If so how are un-attended file transfers done?
> 
> Thank You
> Dave Kaas
> Boeing Computer Services Richland
> D. O. E.
> Richland, WA 99352
> (509) 376-6386
> e41126%rlvax3.lanl.gov
> -- 
> Dave Kaas - D.O.E. Richland, Wa.
> 	e41126%rlvax3.xnet@lanl.gov

Well, ANY time you have a clear copy of a password in a file on your
system its a security hole. Most people use rcp and its remote host
capability (i.e. .rhosts files and such). If can't use rcp, it would
not be very hard to write a server/client for your machines to do
a simple file copy.

Probably much easier than picking up the peices after someone snarfs
your .netrc file and has passwords to everything in the world.

			Hope this helps,
			   Good Luck,
			    -- Shawn