On Tue, Feb 15, 2011 at 08:17:20AM -0500, Richard Kenner wrote:
> > #include the password (a file with the line 'secret=') from a local file on
> > the file system. The user has no access to it, right?
> 
> Right, but we're not talking ONE password, but ANY password. Having
> dozens of those files, one for each password, gets to be a real pain
> really fast.  And you STILL want CM control of password changes even
> if you're storing the encrypted versions: you want to be able to go
> back to an old password, even if you don't know what it is.

Nope. Don't keep the password in the common version control. This is
security through obscurity. Asterisk has to be able to read it as plain
text, eventually.

You can go the #exec route, keep an encrypted file, and keep the
decryption key somewhere on the file system. If you don't put the
decryption key outside of the version control, what you get is purely
security through obscurity, that is: counting on the user to be forever
dumb.


If you want more than one:

#include path/to/passwords.conf
; Or:
;#exec /usr/local/bin/decrypt_passwords_file

[peer1](password1)
...

[peer2](password2)
...


passwords.conf has:
[password1](!)
secret = 111111

[password2](!)
secret = 111111

[password3](!)
secret = 111111

[password4](!)
secret = 111111


And as the PERL saying goes, There Is More Than One Way To Do It.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.co...@xorcom.com
+972-50-7952406           mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
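
An added example, not part of the original message and not Asterisk's own code: a small Python audit for the layout described above. It checks that the version-controlled file loads secrets through #include or #exec, that no peer carries an inline secret, and that every peer inherits from a template in passwords.conf that defines one. The file contents are constructed samples, peer3 and peer4 are hypothetical bad entries, and the function names parse and audit are this example's own.

```python
import re
# Constructed sample: tracked file in the message's layout; peer3 and peer4 are deliberately bad.
SIP_CONF = """\
#include path/to/passwords.conf
;#exec /usr/local/bin/decrypt_passwords_file
[peer1](password1)
[peer2](password2)
[peer3]
secret = 111111
[peer4](password9)
"""
# Constructed sample of passwords.conf, which stays outside version control.
PASSWORDS_CONF = """\
[password1](!)
secret = 111111
[password2](!)
secret = 111111
"""
HEADER = re.compile(r"^\[([^\]]+)\]\s*(?:\(([^)]*)\))?")

def parse(text):
    """Return ({section: {"parents": [...], "keys": set()}}, [#include/#exec lines])."""
    sections, directives, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = HEADER.match(line)
        if line.startswith(("#include", "#exec")):
            directives.append(line)
        elif m:
            opts = [o.strip() for o in (m.group(2) or "").split(",")]
            current = {"parents": [o for o in opts if o and o != "!"], "keys": set()}
            sections[m.group(1)] = current
        elif "=" in line and current is not None:
            current["keys"].add(line.split("=", 1)[0].strip())  # values are never kept
    return sections, directives

def audit(tracked_conf, passwords_conf):
    """List peers whose secret is inline or not supplied by an external template."""
    peers, directives = parse(tracked_conf)
    templates, _ = parse(passwords_conf)
    problems = [] if directives else ["no #include/#exec: secrets file is never loaded"]
    for name, peer in peers.items():
        if "secret" in peer["keys"]:
            problems.append(f"{name}: secret stored inline in the tracked file")
        elif not any("secret" in templates.get(p, {"keys": ()})["keys"] for p in peer["parents"]):
            problems.append(f"{name}: no template in passwords.conf supplies a secret")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SIP_CONF, PASSWORDS_CONF)))
```

Run before each commit, this flags a secret that has crept back into the tracked file; it only records key names, so the secret values never end up in its output.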