[Spacewalk-list] Encrypting admin username and password of spacewalk server
Matt Moldvan
matt at moldvan.com
Fri Sep 8 13:25:11 UTC 2017
One option is to keep the username and password in /etc/rhn/spacewalk.creds
or something, which only the user running your script has access to, and
the file has very restrictive permissions on. In there, you can specify
your username and password and then source it from your script.
It would be even better if Spacewalk implemented some sort of access token
that could be granted to a system, registered System ID, or something, but
I don't know if that is in the works.
For the first idea:
file /etc/rhn/spacewalk.creds:
SPACEWALK_USER=admin
SPACEWALK_PASS=12345
export SPACEWALK_USER
export SPACEWALK_PASS
in your script:
CREDFILE=/etc/rhn/spacewalk.creds
if [ -f "${CREDFILE}" ];
. "${CREDFILE}"
fi
On Fri, Sep 8, 2017 at 7:53 AM Michael Mraka <michael.mraka at redhat.com>
wrote:
> Sreenivasa Katra:
> > Hi Michael,
> >
> > I am running a shell script in which it downloads all the channels along
> > with the errata for my centos 7 spacewalk server.
> > In the script for authentication, i need to hard-code
> > SPACEWALK_USER=admin, and SPACEWALK_PASS=abcdef
> >
> > Instead of hard coding is there any way to encrypt this in shell script.
> >
> > Please provide your inputs.
>
> Well, the thing is if your script have to use login/password it have to
> be able to decrypt it. But then anyone having access to the script can
> see how it decrypts password and do the same. So if you have plaintext
> or encrypted password in the script - it's equaly bad.
> Encrypting password in such case is just a classic example of alleged
> security
> (through obscurdity).
>
> --
> Michael Mráka
> System Management Engineering, Red Hat
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20170908/767553ec/attachment.htm>
More information about the Spacewalk-list
mailing list