in reply to Re^4: Keeping a password safe.
in thread Keeping a password safe.

Hi Steve,

Just an idea!

You have a secure server, and you want clients to get a set of instructions to run on their machine. I assume you control the server and will write the perl script to get the instructions from the server. (Correct so far?)

So think about this.

• Setup a unique user on your server for each client. Forget about securing the password, but use a ftp like pure-ftpd that you can chain-root the unique user.
• Generate a unique public/private key for each client.(openssl or gnu)
• Encrypt the client's file with the public key.
• Client get the file via ftp using your Perl script.
• If the file is new, the script decrypts the file using the private key and then your script runs the unique commands for the user machine(s).

This whole process can be automated using Perl on both sides. (Note: You can set this up so your users on the server aren't real(can't login). I did something similiar for an AIX server using SendMail. I set up 'adduser/deluser' scripts to generate/delete the pseudo user. The only service the user could do was send/pop email.)

You control the access on the server, so if you have a problem with a user, just change their password until it gets resolved.

I think this could be very secure and still keeps you in charge.

Good Luck...Ed