Robert G. Brown wrote:
> e) I do in fact connect. By the time I'm entering username and
> password, I'd better be connected to the server and the connection had
> better already be bidirectionally encrypted.
>
Its quite possible for a program to ask for you username/password and
store that in memory *before* ever opening a network connection. In
fact, I believe that's what vpnc does. As a test, I changed the gateway
line in my default.conf to an invalid host (but sadly, a hostname that
does resolve due to earthlink's broken dns). This is what I found:
[agrajag@athyra ~]$ sudo /usr/sbin/vpnc
Enter username for duke-vpnlic.netcom.duke.edu: sdf
Enter password for
sdf@...:
/usr/sbin/vpnc: receiving packet: Connection refused
Notice, it attempted the connection *after* asking me for a
username/password.
_______________________________________________
Dulug mailing list
Dulug@...
https://lists.dulug.duke.edu/mailman/listinfo/dulug
