I am currently exploring some new ideas regarding Open-AudIT. I note that Zenoss stores usernames and passwords of remote systems, in order to log in via SSH. Does anyone have any suggestions for storing credentials, inside Open-AudIT. Should they be in the DB, or in a file ? Should they be put in an encrypted file ? Should they be encrypted and stored in the DB ?
Bear in mind that we need to extract the password, so as to use it on the command line and in scripts. So, just md5'ing it, and storing it is no good. We have to be able to reverse the process.
Hence - anyone have any suggestions on the safest way to accomplish this ?
I am (currently) thinking PKE (Private Key Encrypt) the details, and store them in the OA database. Keep the Private Key somewhere else on the system (would have to be a file). Thoughts and comments greatly appreciated.
TIA, Mark.
_________________ Support and Development hours available from [url=https://opmantek.com]Opmantek[/url]. Please consider a purchase to help make Open-AudIT better for everyone.
|