[ofa-general] Re: [PATCH] saquery: --smkey command line option
Ira Weiny
weiny2 at llnl.gov
Wed May 28 09:06:29 PDT 2008
On Wed, 28 May 2008 04:06:30 -0700
Hal Rosenstock <hrosenstock at xsigo.com> wrote:
> On Tue, 2008-05-27 at 20:56 +0300, Sasha Khapyorsky wrote:
> > On 04:29 Tue 27 May , Hal Rosenstock wrote:
> > > On Fri, 2008-05-23 at 05:52 -0700, Hal Rosenstock wrote:
> > > > > Following your logic we will need to disable root passwords
> > > > > typing too.
> > > >
> > > > That's taking it too far. Root passwords are at least hidden when
> > > > typing.
> > >
> > > At least hide the key typing from plain sight when typing like su does.
> >
> > There are lot of tools where password can be specified as clear text in
> > command line (wget, smbclient, etc..) - it is an user responsibility to
> > keep his sensitive data safe.
>
> Do those tools provide a way to obscure passwords or force the user to
> do this in plain sight ? Seems like a user can't do this without support
> from the tool. smbclient seems to provide this; I didn't look at wget.
>
> smbclient supports an authorization file which supports this and says:
> Make certain that the permissions on the file restrict access
> from unwanted users.
>
> As you mentioned before, this is another acceptable approach (and this
> also lends itself better to scripting).
Another example of this is MySQL. From the man page:
shell> mysql --user=user_name --password=your_password db_name
With the plugin I just released I install a config file with this password
accessible only to root. If someone runs OpenSM as another user or has other
programs trying to access the DB (like SKUMMEE) then you will have to set the
permissions on this file appropriately.
I think I like the addition of a conf file for the scripts...
Ira
>
> -- Hal
>
> > Sasha
>
More information about the general
mailing list