 | |
Running isql without passwords
comp.databases.sybase comp.databases.sybase
 |
| | Thread Tools | Display Modes |
#1
 
| |||
| |||
|
Running isql without passwords -
05-03-2004
, 07:03 PM
#2
| |||
| |||
|
|
What's the best method to called isql from a shell script without having important passwords in the script? All our current scripts have the sa password everywhere and I'm now seeking to remove them in our upgrade. If I assign a login to an oper_role then details of this will show up in the script. Also, oper_role may have dump facilities but it doesn't have update stats which I'd like for a non-sa type role. TIA, Martin |
#3
| |||
| |||
|
Put server:user/role assword entries into a file readableonly by a privileged user. Chmod your scripts to be setuid to the privileged user and readable only by that user, i.e. -rws--x--x. Extract passwords by server:user/role key. Not the best solution, but simple. |
=v= Has anyone considered modifying sqsh to use PAM and/or
Kerberos to implement authentication tickets? The idea is that
you give a password once and it remembers who you are, so you
don't need to give it again for the duration of the session.
<_Jym_>
#4
| |||
| |||
|
|
Put server:user/roleassword entries into a file readable only by a privileged user. Chmod your scripts to be setuid to the privileged user and readable only by that user, i.e. -rws--x--x. Extract passwords by server:user/role key. Not the best solution, but simple. =v= I'd feel a million times better if they were encrypted. =v= Has anyone considered modifying sqsh to use PAM and/or Kerberos to implement authentication tickets? The idea is that you give a password once and it remembers who you are, so you don't need to give it again for the duration of the session. |
recently made available on linux. I don't have access to a kerberos system
to be able to test/develop this (though I'm working with some folks to add
kerberos auth to DBD::Sybase and Sybase::CTlib perl modules).
Also, ASE 12.5.2 supports PAM authentication.
A third solution would be to write a small C program that would decrypt
the password and feed it to isql.
Michael
--
Michael Peppler Data Migrations, Inc.
mpeppler (AT) peppler (DOT) org http://www.peppler.org/
Sybase T-SQL/OpenClient/OpenServer/C/Perl developer available for short or
long term contract positions - http://www.peppler.org/resume.html
#5
| |||
| |||
|
|
Kerberos support is an extra-cost option for ASE, and has only been recently made available on linux. ... Also, ASE 12.5.2 supports PAM authentication. |
so I have to do things on the cheap. :^(
=v= I can talk to ASE by tunneling through ssh, so the remaining
main weakness is having passwords in script files. Which is why
I'm focusing on the idea of a PAM-aware sqsh client ...
<_Jym_>
#6
| |||
| |||
|
|
Kerberos support is an extra-cost option for ASE, and has only been recently made available on linux. ... Also, ASE 12.5.2 supports PAM authentication. =v= Good stuff, though my clients aren't rolling in the dough, so I have to do things on the cheap. :^( =v= I can talk to ASE by tunneling through ssh, so the remaining main weakness is having passwords in script files. Which is why I'm focusing on the idea of a PAM-aware sqsh client ... |
option to isql)
And (also an extra-cost option, I think), Sybase understands SSL
connections directly.
However I agree that an ssh tunnel is a simple and good enough solution
for many situations.
Michael
--
Michael Peppler Data Migrations, Inc.
mpeppler (AT) peppler (DOT) org http://www.peppler.org/
Sybase T-SQL/OpenClient/OpenServer/C/Perl developer available for short or
long term contract positions - http://www.peppler.org/resume.html
|
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.