HP3000-L Archives

September 2004, Week 2

HP3000-L@RAVEN.UTC.EDU

From: Greg Stigers
Date: Mon, 13 Sep 2004 14:53:05 -0400

donna garverick wrote in part:
> ...do strongly consider using .netrc files.
and a lot of other good words of wisdom. I want to add my agreement. netrc
files *can* be very tightly secured. I recommend using special local users
for ftps, which can do little else. On the 3000, I would not give these
users IA, but they would be the only user in an account with the ability to
ftp (ND and whatever else). Off the top of my head, I'm not sure how close
one can get to that on Solaris. I believe that ftp only needs lock access to
the netrc file. I would encourage you to make the ftp scripts, users, and
netrc files as secure as possible.

My one disagreement with Donna is that I would not call the file netrc or
anything like that, given a choice. No need to advertise "passwords to other
systems can be found right here". On the 3000, I would set the required file
equation in a command file, and home the user to a passworded group so only
that user and the account manager could get to the group. Of course, that
group did not contain the netrc file, but did contain the UDC that file
equated netrc.homegroup to the actual file. And, I had more than one netrc
file, so that a given user could only ftp to those systems that the user
needed.

But being able to change the ftp user, used in many jobs, in a single file,
well, it sure beats the alternatives of editing lots of files or not doing
it because it's too hard.

Greg Stigers

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
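
An added example, not part of the original message: a check of the properties the message recommends for a netrc-format file on a Unix system such as Solaris (dedicated owner, no access for anyone else, and credentials only for the systems that user needs). The function name `audit_netrc`, the file name `xferauth`, the hosts and the credentials are constructed, and treating "tightly secured" as owner-only permission bits is an assumption.

```python
import netrc
import os
import stat
import tempfile

# Constructed sample: hosts, login and passwords are placeholders.
SAMPLE = (
    "machine hosta.example.com login ftpxfer password examplepw1\n"
    "machine hostb.example.com login ftpxfer password examplepw2\n"
    "default login ftpxfer password examplepw3\n"
)

def audit_netrc(path, expected_uid, allowed_hosts):
    """Return findings for one netrc-format file; an empty list means clean."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    # Assumption: "tightly secured" means no group or other access at all.
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append(f"group/other permission bits set: {oct(extra)}")
    # Each file should name only the systems this user needs to reach.
    for host in sorted(netrc.netrc(path).hosts):
        if host == "default":
            findings.append("'default' entry offers credentials to any host")
        elif host not in allowed_hosts:
            findings.append(f"credentials for unneeded host: {host}")
    return findings

def demo():
    """Audit the sample as first written, then again after tightening it."""
    needed = {"hosta.example.com"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "xferauth")  # hypothetical name without "netrc"
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_netrc(path, os.getuid(), needed)
        with open(path, "w") as f:
            f.write(SAMPLE.splitlines(keepends=True)[0])
        os.chmod(path, 0o600)
        after = audit_netrc(path, os.getuid(), needed)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Run from a scheduled job against each transfer user's file, a non-empty result is the signal to fix the file before the next ftp job uses it.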
