Remote Administration and Clear Text: A Survivor's Story

By Jim Trotter

Posted: 11 Feb 2002

Our parent organization went on a security binge about using remote access to servers that pass passwords in the clear, specifically aimed at RCONSOLE. Our organization took these guidelines one step further and required the use of Secure RCONSOLE as well as changing the password every month and requiring that each server's password be unique. I don't think they had a clue of the administrative nightmare (1500+ unique passwords every thirty days!) they were setting themselves up for.

I solved my problems by removing RSPX.NLM and REMOTE.NLM from the servers (to prevent their accidental use) and loading the AFREECON.NLM on the servers. As your "Free Remote Console for NetWare" article stated, ADREM uses Novell (public/private key) authentication to grant access (minimum of Console Operator set via the server object in NWAdmin or ConsoleOne). If the user is not authenticated to the tree, a login dialog box pops up for login/authentication. ADREM will not allow (and I've ops tested this) an unauthenticated/improper rights user to gain access.

I have retained a copy of the RSPX.NLM and REMOTE.NLM for remote copy/load in case I need it. I got bit one day as I was removing NDS from a server remotely and all of a sudden lost my connection to the server with no way to gain it back. Luckily it was a short drive to my backup NLMs, but I learned my lesson. There are still reasons to use RCONSOLE, but I only use it when needed, then remove it.

I wholeheartedly recommend the use of ADREM. The current version works with NetWare 3.x, 4.x, 5.x and 6.0. As mentioned in the article, it picks the proper protocol IP/IPX to use for the connection. As a Windows program, the Copy/Paste function works as well, which I've used on many an occasion.

