Q. How are device credentials stored?
A. InterMapper 5.1 and higher stores device credentials such as user names and passwords in each map file with the other device attributes. The credentials are not encrypted or hidden in any way within the file. If someone has direct access to the map files on disk, they can extract the passwords by running 'strings'.
For this reason, UNIX permissions to map files are set to read/write for owner only.
InterMapper users with admin privileges can export the map files also. Note that the default "out of the box" InterMapper installation gives admin access to connections from localhost. To secure this, set a password for the admin user, and clear the auto-login setting (which specifies 127.0.0.1 and ::1).