password encryption

[Matthew Walster]

There are three solutions to that problem:

1) Change the file permissions to 600 or similar, and therefore
preventing the whole world from reading it.
2) Generate the password using a call within the script.
3) Encrypt the configuration file with "gpg" or similar, then alter
the init.d script to unencrypt it on launch, wait until it's fully
parsed then delete the temporary file.

If you're that worried about people knowing the OSPF password on that
machine, those people should not have access to that machine, IMO.

M



On 12 May 2011 16:15, Pierre Rivenez <pierre.rivenez at celeste.fr> wrote:
> The password is write in the file bird.conf in plain text.
> So any people who read the file have the password and can change the
> configuration.
> I would like to know if it's possible to encrypte the password in the
> configuration file
>
> PR
>
> ----- Mail Original -----
> De: "Martin Kraus" <martin.kraus at wujiman.net>
> À: "Pierre Rivenez" <pierre.rivenez at celeste.fr>
> Cc: bird-users at network.cz
> Envoyé: Jeudi 12 Mai 2011 16h33:40 GMT +01:00 Amsterdam / Berlin / Berne /
> Rome / Stockholm / Vienne
> Objet: Re: password encryption
>
> On Thu, May 12, 2011 at 04:18:47PM +0200, Pierre Rivenez wrote:
>> I use bird for the ospf
>> I would like to use encryption.
>> So I use a password for the ospf session, but the password is write in
>> clear test in the file bird.conf
>> Is it a solution to encrypt this password in the configuration file.
>
> I guess the problem is that you'd have to have the key to the encryption in
> plain somewhere on the computer as well which kind of defeats the purpose of
> password encryption in the configuration file.
>
> mk
>