[Mpls-pm] Secure scripts question
Gary Vollink
gary.vollink at gmail.com
Wed May 17 11:44:47 PDT 2006
On 5/17/06, Joshua ben Jore <twists at gmail.com> wrote:
> On 5/17/06, Miner, Alan G <alan.miner at nwa.com> wrote:
> > I have searched various sites, blogs and archives and it always seems to
> > boil down to where to store the encryption keys.
>
> Yah sure. As far as I know, that's all it'll ever come down to with
> the tools we have now. Your script has to be able to access the
> information somehow. You could stick it in the interpreter, in some
> object code that gets loaded, in the perl source code, in a readable
> file, whatever. In all cases it's still somewhere.

Unless you have the capabilities to actually modify everything in the
chain. Kerberos/LDAP style. User authenticates, gets ticket. Tool
can use ticket in user's name. In the end - either a user is
supplying the information live - at some point - or - your script has
a location to find the keys. Alternatively, you throw caution to the
wind, and run locally as root.