The problem with the above line is that it appears in the process list and that the password is in cleartext. Using credentials=file is a better start but this is still in plaintext. Can't I hash the password with md5 or something?
The idea is that you create the credentials file with root ownership and exclusive permissions (0600). In other words, only root has access to it. If the person is root, and it's not someone that should have access to the credentials, you have bigger problems.
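A way to check the setup described above across a whole fstab, as an added example that is not part of the original thread: it flags CIFS entries that carry an inline `password=` option and `credentials=` files that are not mode 0600 and owned by root. The function name `audit_cifs_creds`, the finding labels and the sample entries are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Usage: audit_cifs_creds FSTAB [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_cifs_creds() {
    fstab=$1 owner=${2:-0} bad=0
    # fstab fields: device, mount point, fs type, options, dump, pass
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$fstype" = cifs ] || continue
        set -f; old_ifs=$IFS; IFS=,      # split options on commas, no globbing
        set -- $opts
        IFS=$old_ifs; set +f
        for opt in "$@"; do
            case $opt in
            password=*)                  # readable in fstab and in the process list
                echo "INLINE_PASSWORD $mnt"; bad=1 ;;
            credentials=*)
                file=${opt#credentials=}
                if [ ! -f "$file" ]; then
                    echo "MISSING_FILE $mnt $file"; bad=1; continue
                fi
                st=$(stat -c '%a %u' "$file")    # GNU stat: octal mode, owner uid
                [ "${st% *}" = 600 ] || { echo "BAD_MODE $mnt $file ${st% *}"; bad=1; }
                [ "${st#* }" = "$owner" ] || { echo "BAD_OWNER $mnt $file ${st#* }"; bad=1; }
                ;;
            esac
        done
    done < "$fstab"
    return "$bad"
}

# Constructed sample data in a throwaway directory (not real hosts or secrets).
demo() {
    d=$(mktemp -d) || return 2
    printf 'username=svc\npassword=constructed-example\n' > "$d/good.cred"
    cp "$d/good.cred" "$d/loose.cred"
    chmod 600 "$d/good.cred"; chmod 644 "$d/loose.cred"
    cat > "$d/fstab" <<EOF
//srv.example/a  /mnt/a  cifs  credentials=$d/good.cred,ro 0 0
//srv.example/b  /mnt/b  cifs  credentials=$d/loose.cred 0 0
//srv.example/c  /mnt/c  cifs  username=svc,password=constructed-example 0 0
/dev/sda1        /       ext4  defaults 1 1
EOF
    # The demo runs unprivileged, so the expected owner is the current uid.
    audit_cifs_creds "$d/fstab" "$(id -u)"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "findings reported above"
```

Run against the real table as root with `audit_cifs_creds /etc/fstab`, which uses the default owner uid 0.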
This is how I have done it in the past, but it's still possible to read the cleartext password off the disk if you get physical access to the machine, which is all very theoretical but I'm trying to satisfy a security policy that states we may have no cleartext passwords stored anywhere...
Depending on the timing of the mount, and yours looks like at boot, encrypt any cleartext password files, load them into an ISO, then mount the ISO before the passwords are required, then unmount it later, e.g. in rc.local.
For the really paranoid, delete them after use, and before rebooting, copy them back from a secure source.
Encrypting doesn't change the need for a password/pass phrase. If it cannot be stored, then the password will have to be entered at boot. That means that your servers need three-shift operators/administrators to handle failures/reboots, or you have to be able to deal with the resource being unavailable until an administrator arrives.