[rt-users] Securing /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
Val Polyakov
val at polyakov.me
Sun Sep 19 04:56:39 EDT 2010
Any thoughts, anyone ?
> Hello,
>
> what are our options as far as securing RT_SiteConfig.pm goes?
>
> My company has pretty strict security requirements, and our security team
> will simply not allow us to store the ldap username/password in a plain
> text file on the RT server (and I can fully understand their concerns).
>
> What are some options here? Again, keeping in mind that the requirement is
> for the password (at least the password, that is) to NOT be plaintext in
> RT_SiteConfig.pm
>
> Solutions like "well make the file only readable by root" aren't going to
> be accepted (not by me, but by our security team). Needs to be a hashed
> password, may be, or something.. I don't know.. soliciting ideas.
>
> --Val
>
>
> RT Training in Washington DC, USA on Oct 25 & 26 2010
> Last one this year -- Learn how to get the most out of RT!
>
More information about the rt-users
mailing list