Ndmpcopy version 2 doesn't require command line passwords. It prompts for the passwords when the session starts. The source is available on the ndmp.org website. I haven't played with it, but it looks interesting.
For version 1 you can hardcode the password and compiled it down to a binary that only root can read or execute. That stops people from being able to find the password from the executable unless they are the root user. It worked pretty well when I did this at my previous job. All you have to do is add default passwords in the main.h file. Hardcode the filer passwords in the DEF_SRC_AUTH_PASSWORD and DEF_DEST_AUTH_PASSWORD definitions and recompile. It really helps if all you filers have the same password. :-)
Graham
-----Original Message----- From: Brian Tao [mailto:taob@risc.org] Sent: Saturday, April 07, 2001 8:00 AM To: Francett, Robert D (SAIC) Cc: 'Jessica Fernandez'; toasters@mathworks.com Subject: RE: Data Copy from Filer to Filer
On Fri, 6 Apr 2001, Francett, Robert D (SAIC) wrote: > > The form I use is: > $ ndmpcopy filer1:/vol/volname/qtree filer2:/vol/volname/qtree -sa root:password -da root:password -dhost GbE_IP_address -level 0-9
This is the greatest failing of ndmpcopy... plaintext passwords to privileged accounts on the command line, in your shell history, up there in a "ps" for everyone to see, etc. It would be nice to have an "ndmp" user on the filer that can *only* initiate or receive NDMP sessions. Combine that with a new ability to read user/password information from a file in ndmpcopy, and you at least have some modicum of security. One of these days, I'll hack ndmpcopy to do that... unless someone else has done that already. ;-) -- Brian Tao (BT300, taob@risc.org) "Though this be madness, yet there is method in't"