Hiding Your NetWare (Web servers) Login Password It is somewhat
Hiding Your NetWare Login Password It is somewhat of a security risk to be putting a password on the command line, as we did with the ncpmount command. Other active, concurrent users could see the password if they happen to be running a program like topor ps. To reduce the risk of others seeing and stealing NetWare login passwords, ncpmount is able to read certain details from a file in a user’s home directory. In this file, the user keeps the login name and password associated with each of the fileservers he or she intends to mount. The file is called ~/.nwclient and it must have permissions of 0600 to ensure that others cannot read it. If the permissions are not correct, the ncpmount command will refuse to use it. The file has a very simple syntax. Any lines beginning with a # character are treated as comments and ignored. The remainder of the lines have the syntax: fileserver/userid password The fileserver is the name of the fileserver supporting the volumes you wish to mount. The userid is the login name of your account on that server. The password field is optional. If it is not supplied, the ncpmount command prompts users for the password when they attempt the mount. If the password field is specified as the character, no password is used; this is equivalent to the -n command-line argument. You can supply any number of entries, but the fileserver field must be unique. The first fileserver entry has special significance. The ncpmount command uses the -S command-line argument to determine which of the entries in ~/.nwclient to use. If no server is specified using the -S argument, the first server entry in ~/.nwclient is assumed, and is treated as your preferred server. You should place the fileserver you mount most frequently in the first position in the file. A More Complex ncpmount Example Let’s look at a more complex ncpmount example involving a number of the features we’ve described. First, let’s build a simple ~/.nwclient file: # NetWare login details for the Virtual Brewery and Winery # # Brewery Login ALES_F1/MATT staoic1 # # Winery Login REDS01/MATT staoic1 # Make sure its permissions are correct: $ chmod 600 ~/.nwclient Let’s mount one volume of the Winery’s server under a subdirectory of a shared directory, specifying the file and directory permissions such that others may share the data from there: $ ncpmount -S REDS01 -V RESEARCH -f 0664 -d 0775 /usr/share/winery/data/ This command, in combination with the ~/.nwclient file shown, would mount the RESEARCH volume of the REDS01 server onto the /usr/share/winery/data/ directory using the NetWare login ID of MATT and the password retrieved from the ~/.nwclient file. The permissions of the mounted files are 0664 and the directory permissions are 0775. Exploring Some of the Other IPX Tools The ncpfs package contains a number of useful tools that we haven’t described yet. Many of these tools emulate the tools that are supplied with NetWare. We’ll look at the most useful ones in this section. Server List The slist command lists all of the fileservers accessible to the host. The information is actually retrieved from the nearest IPX router. This command was probably originally intended to allow users to see what fileservers were available to mount. But it has become useful as a network diagnosis tool, allowing network admins to see where SAP information is being propagated: