Well, you may store as for webmin user password that are encrypted in
/miniserv.users
Also we may apply MD5 format.
Thanks for kindly collaboration!
Daniele
Jamie Cameron wrote:
> Daniele Gianetti wrote:
> >
> > Hi!
> > I'm searching about connections between Webmin servers: I have
> > registered a new
> > server and set "Login via Webmin with username" adding user and
> > password.
> > Problem is that user and password are saved no encrypted on the file
> > "etc/servers/1012381728.serv"
> > and this of course is a security problem: how can I avoid the password
> > to be written
> > not encrypted ?
> > One more information: I have set to use SSL.
> > Thanks in advance!
>
> There isn't really any way to avoid storing the password, as it needs
> to be sent in plain-text to the remote webmin server. Even if it was
> encrypted, the decryption key would have to be somewhere and so there
> wouldn't be any real gain in security .. One way encryption (of the
> kind used in /etc/shadow) is not possible.
>
> - Jamie
>
> -
> Forwarded by the Webmin development list at web...@we...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-devel
|
