On Wed, 2015-07-08 at 10:31, Stipe Tolj wrote:
> On 15.05.2015 07:55, Pandey Nitin wrote:
> >Can you please help me regarding the encryption of the passwords that we
> >use in kannel configuration files.
> >
> >For example - I want to use the encrypted passwords in KANNEL.CONF file
> >for -
> >1. SMSC connection
> >2. ADMIN passwords.
> I'd like to assist here. Can you please describe the scenario for the
> required encrypted counterparts of passwords in the config?
> 
> For the admin password it's pretty clear, and can be facilitated via sha1
> hash values, since the user needs to provide the password interactively when
> performing an HTTP admin URI command.
> 
> But how about SMSC connection passwords? Bearerbox needs to send them to the
> SMSC in plain-text. So, the daemon needs to be able to recover them from any
> crypt-ed version.
> 
> An idea would be to use AES to encrypt them with the admin keyword. Then at
> daemon start time the calling user would need to supply the admin password
> on the command line to let bearerbox "unlock" the crypt-ed string in the
> config to gain the plain-text for communication with the SMSC.

Is it wise to give any password on the command line, especially for long-running
processes? It could be seen with the simple 'ps' command, except when the
system is security hardened.

> In addition you would need to "shadow" the password strings in the log
> files.
> 
> Is there no chance to use file permissions for this, if it's "only" a matter
> of grouping the maintenance staff to see/no-see of passwords in the config?

-- 
Kind regards
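
Added example, not part of the original message and not Kannel code: the 'ps' concern raised above, shown on Linux with a shell that just sleeps standing in for a long-running daemon. The secret value and the name daemon-stand-in are constructed for the illustration; passing the secret on stdin is one assumed alternative, not an existing bearerbox option.

```shell
#!/bin/sh
# Added illustration, not code from the Kannel project or this thread.
# SECRET is a constructed value; "daemon-stand-in" is a hypothetical
# placeholder for a long-running daemon (a shell that just sleeps).
SECRET='constructed-example-password'

# Print a process's argument list as other local users can read it on an
# unhardened Linux system (falls back to ps where /proc is unavailable).
visible_args() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Start the stand-in with the secret in argv; return 0 if it is visible.
leak_via_argv() {
    sh -c 'sleep 2; :' daemon-stand-in "$SECRET" >/dev/null 2>&1 &
    pid=$!
    sleep 1                      # let the child exec before inspecting it
    visible_args "$pid" | grep -qF -- "$SECRET"; rc=$?
    kill "$pid" 2>/dev/null; wait "$pid" 2>/dev/null
    return "$rc"
}

# Start the stand-in with the secret on stdin; return 0 if it is visible.
leak_via_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r pw; sleep 2; :' daemon-stand-in >/dev/null 2>&1 &
    pid=$!
    sleep 1
    visible_args "$pid" | grep -qF -- "$SECRET"; rc=$?
    kill "$pid" 2>/dev/null; wait "$pid" 2>/dev/null
    return "$rc"
}

if leak_via_argv; then echo "argv:  secret visible in the process list"; fi
if leak_via_stdin; then :; else echo "stdin: secret not in the process list"; fi
```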
