I use a (Perl) password server for this. Passwords are stored encrypted in a configuration file.
Clients authenticate with the server, and receive a requested password (encrypted) across the network, if the client is entitled. The user authentication is rudimentary, but it works. SSH certificates would be better, just need to do it. Jared On Mon, 2005-07-04 at 22:21, Maxim Sloyko wrote: > Sam Vilain wrote: > > > > However, making it in a file in $HOME/.xxx means that the sysadmin can > > set it up to be mode 400 or something like that, to ensure other users > > can't access it if someone forgot to set the permissions right on the > > application code (or, hopefully, configuration file). > > > > I don't think this solves the problem, because what I usually want is > the user to be able to use the application, but unable to see the DB > password. So the user should have "read" permission set for the file, > but on the other hand he shouldn't. It's not not a problem for Web App, > though. > > -- > Maxim Sloyko