PaulDotCom mailing list archives
Re: ldapsearch in monitoring script without bind password written in script
From: John Bond <john.r.bond () gmail com>
Date: Fri, 23 Sep 2011 15:58:42 +0200
On 22 September 2011 14:51, Sven Aluoor <aluoor () gmail com> wrote:
My problem is that the password is written in clear text in script (see -w "password"). How to do without writing password in UNIX script?
I would recomend that the user account you use only have the permissions to run the cronjob you want (perhaps create a user just for this purpose). The crontab files are only readable by the user and root so it should be fine to store it there, unless your box gets rooted, however if that happens they would only have the abiility to run your check (if you do the above). At the end of the day if you are not going to be there to put the password in then the server needs to know the password On 23 September 2011 14:17, Just Dave <justdaver () gmail com> wrote:
With ldapsearch you can specify a file which contains the bind password: -y passwdfile Remember to lock down the permissions of the your password file :)
That just moves the file password from one file to another. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: ldapsearch in monitoring script without bind password written in script Just Dave (Sep 23)
- Re: ldapsearch in monitoring script without bind password written in script John Bond (Sep 23)