On Tue, Feb 15, 2011 at 08:17:20AM -0500, Richard Kenner wrote:
> > #include the password (a file the line 'secret=') from a local file on
> > the file system. The user has no access to it, right?
>
> Right, but we're not talking ONE password, but ANY password. Having
> dozens of those files, one for each password, gets to be a real pain
> really fast. And you STILL want CM control of password changes even
> if you're storing the encrypted versions: you want to be able to go
> back to an old password, even if you don't know what it is.

Nope. Don't keep the password in the common version control. This is
security through obscurity. Asterisk has to be able to read it as plain
text, eventually.

You can go the #exec route, keep an encrypted file, and keep the
decryption key somewhere on the file system. If you don't put the
decryption key outside of the version control, what you get is purely
security through obscurity, that is: counting on the user to be forever
dumb.

If you want more than one:

  #include path/to/passwords.conf
  ; Or:
  ;#exec /usr/local/bin/decrypt_passwords_file

  [peer1](password1)
  ...

  [peer2](password2)
  ...

passwords.conf has:

  [password1](!)
  secret = 111111

  [password2](!)
  secret = 111111

  [password3](!)
  secret = 111111

  [password4](!)
  secret = 111111

And as the PERL saying goes, There Is More Than One Way To Do It.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.co...@xorcom.com
+972-50-7952406           mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir
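
An added example, not part of the original message and not Asterisk project code: a Python check to run over the version-controlled config, reporting any secret= line still kept inline and which templates each peer inherits, so secrets stay in the #included passwords.conf outside the tree. The function name audit, the sample text, the peer3 entry and the "type = friend" lines are constructed for illustration.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?")   # [name] or [name](opts)
DIRECTIVE = re.compile(r"^#(include|exec)\s+(.+)$")
SECRET = re.compile(r"^(secret|md5secret)\s*=")

def audit(text):
    """Scan tracked Asterisk config text for secrets that should not be there.

    Returns (inline, directives, inherits):
      inline     - [(lineno, section)] for each secret= found in this text
      directives - [(kind, target)] for each active #include / #exec
      inherits   - {section: [templates]} taken from [section](tmpl,...) headers
    """
    inline, directives, inherits = [], [], {}
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Simplification: treats every ';' as a comment start (no '\;' escapes).
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            directives.append((m.group(1), m.group(2).strip()))
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            # '!' marks a template and '+' appends to a section; neither is a parent.
            inherits[section] = [o for o in opts if o not in ("!", "+")]
            continue
        if SECRET.match(line):
            inline.append((lineno, section))
    return inline, directives, inherits

# Constructed sample: the layout from the message plus one peer that breaks the rule.
SAMPLE = """\
#include path/to/passwords.conf
;#exec /usr/local/bin/decrypt_passwords_file

[peer1](password1)
type = friend

[peer2](password2)
type = friend

[peer3]
type = friend
secret = 222222   ; constructed: a secret left in the tracked file
"""

if __name__ == "__main__":
    for lineno, sec in audit(SAMPLE)[0]:
        print(f"line {lineno}: inline secret in [{sec}]")
```

A non-empty first element of the result means a secret is still in the tracked file; a check like this fits a pre-commit hook.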