Hi Gergo.
Yes, your remark is indeed correct. We had some discussion about this in
the past but left the issue for the future.
As, as you say, we are now quite visible, we should start caring more
about this issues. Here is my proposal:
All site managers create a file named, e.g., private-cfg.h which is NOT
checked in the CVS repository. In this file they copy the root password
setting line from local-cfg.h (I mean the line which goes "+auth.rootpwd
hnd78fa8976y").
Then they edit the local-cfg.h file and replace the auth.rootpwd line with:
#include "private-cfg.h"
After that they can check the new local-cfg.h file in CVS.
If anybody has comments or other proposal on this issue, please let me know.
Cheers
Emanuele
Debreczeni Gergely wrote:
> Hi,
>
> Just a proposal:
> Since google search "lcg cvs" gives out the cvs
> reprository as the first entry, it is very
> easy to find node config files...
>
> ! I would recommend not to store the root and user passwords in CVS !
>
> It took me only 3 ours (on a AMD ATHLON 2000+) to decrypt a 5 letter long
> passwd which contains capital letters and numbers...
> A 6 letter long would take 211 ours ... but I have 50 processors ;-))))
>
> cheers
> Gergo
>
>
> --
--
/------------------- Emanuele Leonardi -------------------\
| eMail: [log in to unmask] - Tel.: +41-22-7674066 |
| IT division - Bat.31 2-012 - CERN - CH-1211 Geneva 23 |
\---------------------------------------------------------/
|