http://qs321.pair.com?node_id=251116


in reply to Secure ways to use DBI?

use a better authentication method.

i'm using PostgreSQL with KerberosV5 authentication.

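    package KrbKey;
    use base 'Class::DBI';

    # Connect without a user name or password; authentication comes from
    # the caller's Kerberos ticket.
    __PACKAGE__->set_db('Main',
        'dbi:Pg:dbname=krbkey;host=dbserver.sub.dom'
        # no user/password
    );
    __PACKAGE__->table('krpass');
    __PACKAGE__->columns(All => qw( passkey passval ));

    1;

    #!/usr/bin/perl
    use strict;
    use warnings;

    use KrbKey;

    # Return the stored value for one key.
    sub lookup {
        my $key = shift;
        my $pw  = KrbKey->retrieve($key)
            or die "no such key: $key\n";
        return $pw->passval;
    }

    if (@ARGV) {
        # Keys given on the command line: print their values.
        my @pw = map { lookup($_) } @ARGV;
        print join $/, @pw, '';
    }
    else {
        # No arguments: list the available keys.
        print join $/, map({ $_->id } KrbKey->retrieve_all), '';
    }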

without a valid principal...

    $ getpw
    Failure while doing '' with '_filter_retrieve_all in KrbKey'
    Ima::DBI->connect(dbname=krbkey;host=dbserver.sub.dom) failed: Kerberos 5 authentication failed at /opt/network/bin/getpw line 17
     at /opt/network/bin/getpw line 17

and with...

    $ kinit
    Password for me@SUB.DOM:
    $ getpw
    cisco.console
    cisco.enable
    snmp.ro
    snmp.rw

there's also the possibility of using SSL and Certificates for authentication (i think even MySQL can do SSL auth)
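
An added example, not part of the original post: a preflight for a script like getpw that checks for a usable ticket before connecting, then asks the server whether the session was really authenticated with Kerberos rather than by some other rule. It assumes MIT Kerberos `klist -s`, PostgreSQL 12 or later (for the `pg_stat_gssapi` view), the DSN from the post, and the principal shown at the post's kinit prompt.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# DSN from the post: no user name or password anywhere in the script.
my $dsn = 'dbi:Pg:dbname=krbkey;host=dbserver.sub.dom';
# Assumption: the principal from the post's kinit prompt; adjust as needed.
my $expected_principal = 'me@SUB.DOM';

# Drop any password the environment could supply, so a password-based
# server rule cannot be satisfied silently. DBI_PASS is read by DBI,
# PGPASSWORD by libpq.
delete @ENV{qw(DBI_PASS PGPASSWORD)};

# klist -s prints nothing and exits non-zero when the credentials cache
# is missing or expired (MIT Kerberos).
system('klist', '-s') == 0
    or die "no valid Kerberos ticket: run kinit first\n";

my $dbh = DBI->connect($dsn, undef, undef,
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Ask the server how this backend was authenticated (PostgreSQL 12+).
my ($gss, $principal, $encrypted) = $dbh->selectrow_array(<<'SQL');
SELECT gss_authenticated, principal, encrypted
  FROM pg_stat_gssapi
 WHERE pid = pg_backend_pid()
SQL

# DBD::Pg returns booleans as 1/0 by default.
unless ($gss) {
    $dbh->disconnect;
    die "connected, but not via GSSAPI: check the pg_hba.conf rules\n";
}
unless (defined $principal && $principal eq $expected_principal) {
    $dbh->disconnect;
    die "authenticated as unexpected principal\n";
}

# GSSAPI authentication does not imply an encrypted channel.
warn "session is not GSSAPI-encrypted; use TLS or gssencmode=require\n"
    unless $encrypted;

print "authenticated as $principal\n";
$dbh->disconnect;
```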