Re: Some embarrassing, minor? security holes I found in my rh installation...you should check for same

On Thu, 2003-10-16 at 15:44, Mike Klein wrote:
> Using kfind (file and content searching util in kde) I decided to 
> check/scan some key directories for my root password and the password of 
> my <primary> user account (what I use when I'm not root). I was 
> embarrassed by what I found.

Much of what you've posted smells of Webmin.  The lilo configuration
file stores the lilo password (optional feature) in clear-text, this is
known.  This is also why a) storing your passwords in that file and b)
using the same password in lilo as for one of your users, is a bad idea.

The other stuff, as I've mentioned, sounds like Webmin-related stuff.  I
doubt that it's configuration file data, sounds more like poorly-written
modules passing passwords via GET (rather than POST).  Can you give some
specific examples (passwords obfuscated, of course) so we can get a
better idea where they're coming from?

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
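
Added example, not part of the original message and not code from Webmin or any project named in the thread: a check for the pattern suggested above, where credentials sent as GET query parameters end up in a web server's access log, plus a helper that masks the values before log lines are shared. The log lines, request paths, parameter names and function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names that tend to carry credentials (not taken from the thread).
SENSITIVE = {"pass", "passwd", "password", "pwd", "secret", "token"}

# Request part of a Common/Combined Log Format line: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, paths and values are made up).
SAMPLE_LOG = """\
192.0.2.10 - - [16/Oct/2003:15:40:01 -0400] "GET /admin/example_module/save.cgi?user=mike&pass=hunter2 HTTP/1.0" 200 512
192.0.2.10 - - [16/Oct/2003:15:40:09 -0400] "POST /admin/example_module/save.cgi HTTP/1.0" 200 498
192.0.2.10 - - [16/Oct/2003:15:41:12 -0400] "GET /admin/example_boot/edit.cgi?idx=0&Password=s3cr%65t&x=1 HTTP/1.0" 200 733
192.0.2.10 - - [16/Oct/2003:15:41:30 -0400] "GET /admin/index.cgi?passive=1 HTTP/1.0" 200 120
"""

def find_leaked_credentials(log_text):
    """Return (line_no, method, path, param) for every credential-like query
    parameter that has a non-empty value. The values are never returned."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # Exact name match, so "passive=1" is not reported.
            if name.lower() in SENSITIVE and value:
                findings.append((line_no, m.group("method"), url.path, name))
    return findings

def redact(line):
    """Mask the values of sensitive parameters so a line can be posted safely."""
    names = "|".join(sorted(SENSITIVE))
    return re.sub(rf'(?i)([?&](?:{names})=)[^&\s"]*',
                  lambda m: m.group(1) + "****", line)

if __name__ == "__main__":
    for line_no, method, path, param in find_leaked_credentials(SAMPLE_LOG):
        print(f"line {line_no}: {method} {path} carries '{param}' in the query string")
    print(redact(SAMPLE_LOG.splitlines()[0]))
```

The POST request on the second sample line produces no finding because its body never reaches the access log, which is the difference the reply points at.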

