PaulDotCom mailing list archives

Re: ldapsearch in monitoring script without bind password written in script


From: John Bond <john.r.bond () gmail com>
Date: Fri, 23 Sep 2011 15:58:42 +0200

On 22 September 2011 14:51, Sven Aluoor <aluoor () gmail com> wrote:
> My problem is that the password is written in clear text in script
> (see -w "password"). How to do without writing password in UNIX
> script?

I would recommend that the user account you use only have the
permissions to run the cronjob you want (perhaps create a user just
for this purpose).  The crontab files are only readable by the user
and root so it should be fine to store it there, unless your box gets
rooted, however if that happens they would only have the ability to
run your check (if you do the above).

At the end of the day if you are not going to be there to put the
password in then the server needs to know the password.



On 23 September 2011 14:17, Just Dave <justdaver () gmail com> wrote:
> With ldapsearch you can specify a file which contains the bind password:
> -y passwdfile
> Remember to lock down the permissions of your password file :)

That just moves the file password from one file to another.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
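
Added example, not part of the original thread: shell helpers for the -y passwdfile approach mentioned above, which create the file owner-only and refuse to bind unless it is a regular file owned by the running user with no group/other access. The function names and the bind DN, URI and base DN arguments are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example: guard an ldapsearch bind-password file used by a cron check.
# Function names and all arguments are hypothetical placeholders.

# Create the password file owner-only, reading the password from stdin.
# printf '%s' writes no trailing newline: ldapsearch -y uses the complete
# file contents as the password, so a newline would become part of it.
write_pwfile() {  # usage: write_pwfile FILE   (password on stdin)
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # umask covers a new file; chmod covers a file that already existed.
    ( umask 077 && printf '%s' "$pw" > "$1" ) && chmod 600 "$1"
}

# Return 0 only if FILE is a regular, non-symlink file owned by the
# current user with no group/other permission bits set.
check_pwfile() {  # usage: check_pwfile FILE
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || {
        echo "pwfile: not a regular file: $f" >&2; return 1; }
    [ -O "$f" ] || {
        echo "pwfile: not owned by current user: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    [ "$bits" = "------" ] || {
        echo "pwfile: group/other access ($bits): $f" >&2; return 1; }
}

# Run the monitored query only if the password file passes the check.
# -y keeps the password out of the script and out of the argument list.
ldap_check() {  # usage: ldap_check PWFILE BIND_DN LDAP_URI BASE_DN
    check_pwfile "$1" || return 2
    ldapsearch -x -H "$3" -D "$2" -y "$1" -b "$4" -s base \
        '(objectClass=*)' dn >/dev/null
}

# When invoked with the four arguments, run the check (e.g. from cron).
if [ "$#" -eq 4 ]; then ldap_check "$@"; fi
```
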