question on encrypt passwords in shell script

s_linux · 01-10-2012, 08:26 AM

Hello All
I have a script that does some ldap operations. Within the script, I have a password that I use in the ldapsearch and ldapmodify operations.
Also I want to cron this script. I want to encrypt password/script so that no one can see the account and password.
I tried with :X but once you do that, the script no longer executable. Was thinking to limit the permissions to only root but many ppl have root access so it does not work.
I can not install any other packages for this so that I can not use shc or some sort.

I wanted to see if there is any other process so that no one can see/read/open the script/password.
Thanks

corp769 · 01-12-2012, 04:25 AM

Hello,

Would this be an option? http://stackoverflow.com/questions/3...ally-seeing-it

Cheers,

Josh

s_linux · 01-12-2012, 08:34 AM

I'm not sure how that works with my script
I have a following script and password with in the variable admpwd. Instead of using the local variable, I dont know but may be put the password in a file and encrypt that file and use that file for the password...was something like that but again that did work for me..so checking for the other options

Quote:

#!/bin/bash
set -x
# Variables

server=111.111.111.11
userid=cn=xxxx,ou=xxxx,o=xxxx
admpwd=@@@@@@

testresult=`ldapsearch -x -h $server -LLL -d ou=xxxx,o=xxxxx-D "$userid" -w "$admpwd" "(cn=xxxx)" sn`

smallpond · 01-12-2012, 08:55 AM

if "many ppl have root access" then you have no security on this system anyway, so why bother?

s_linux · 01-12-2012, 09:55 AM

they have a root access on a server. but if I can protect the script somehow with a password and setup cron job, hoping no one can open/read the script without the password.

Regards

metallica1973 · 04-02-2012, 11:39 AM

Have you looked into "shc"

http://http://www.linuxjournal.com/article/8256