There are three solutions to that problem: 1) Change the file permissions to 600 or similar, and therefore preventing the whole world from reading it. 2) Generate the password using a call within the script. 3) Encrypt the configuration file with "gpg" or similar, then alter the init.d script to unencrypt it on launch, wait until it's fully parsed then delete the temporary file. If you're that worried about people knowing the OSPF password on that machine, those people should not have access to that machine, IMO. M On 12 May 2011 16:15, Pierre Rivenez <pierre.rivenez@celeste.fr> wrote:
The password is write in the file bird.conf in plain text. So any people who read the file have the password and can change the configuration. I would like to know if it's possible to encrypte the password in the configuration file
PR
----- Mail Original ----- De: "Martin Kraus" <martin.kraus@wujiman.net> À: "Pierre Rivenez" <pierre.rivenez@celeste.fr> Cc: bird-users@network.cz Envoyé: Jeudi 12 Mai 2011 16h33:40 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: Re: password encryption
On Thu, May 12, 2011 at 04:18:47PM +0200, Pierre Rivenez wrote:
I use bird for the ospf I would like to use encryption. So I use a password for the ospf session, but the password is write in clear test in the file bird.conf Is it a solution to encrypt this password in the configuration file.
I guess the problem is that you'd have to have the key to the encryption in plain somewhere on the computer as well which kind of defeats the purpose of password encryption in the configuration file.
mk