Building RPM containing passwords


I need to be able to send an RPM to customers that will install the complete server, including Apache and MySQL. The customers will install it on a clean machine.

After installation, the server should connect to our main DB, so I thought of including the password in the RPM somehow, encrypted if possible.

The reason I'm asking this is because I'm pretty sure that it's not wise to save the password in the rpm scripts. I was hoping that someone else had a similar problem and managed to solve that somehow.

If anyone knows a way to do that, or has a better idea, please share!

Best Answer

Assuming that each customer has a unique password... you could build the passwords into the RPMs if you generate the packages on demand when the customer requests them. The workflow would look something like this:

  • Customer requests package.
  • You generate a random password for the customer and update your database with the new password.
  • You generate the RPM package appropriately configured with the new password.
  • You deliver it to the customer.
  • You delete the package off your server.

This is reasonably secure while still allowing your customer to have a completely functional install.

If you don't want to invest the time to put this workflow together, I think your best solution is to include a script that the customer runs post installation that will prompt for a password and configure the necessary files.
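
One way to write the post-installation script mentioned at the end of the answer above, as an added example that is not part of the original answer. The config path, the `DB_PASSWORD=` line format and the function names are assumptions about the packaged server.

```shell
#!/bin/sh
# Added example (not from the original answer). CONF_FILE and the
# DB_PASSWORD= line format are assumptions about the packaged server.
CONF_FILE="${CONF_FILE:-/etc/myserver/db.conf}"   # hypothetical path

# Read one line from stdin; hide typing when stdin is a terminal.
read_password() {
    if [ -t 0 ]; then
        printf 'Database password: ' >&2
        stty -echo
        trap 'stty echo; exit 130' INT TERM   # restore echo if interrupted
        IFS= read -r pw || :
        stty echo
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r pw || :           # piped input (automation, tests)
    fi
    printf '%s' "$pw"
}

# Write the credentials file atomically, readable by its owner only.
configure_db() {
    pw=$(read_password)
    if [ -z "$pw" ]; then
        echo "error: empty password, nothing written" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "${CONF_FILE}.XXXXXX") || { umask "$old_umask"; return 1; }
    # printf is a builtin in bash and dash, so the password is never
    # placed on a command line visible in the process list.
    printf 'DB_PASSWORD=%s\n' "$pw" > "$tmp"
    chmod 600 "$tmp"
    mv -f "$tmp" "$CONF_FILE"          # same directory: rename is atomic
    umask "$old_umask"
    unset pw
}

# Run only when asked, e.g. "sh configure-db.sh --run" after installing.
if [ "${1:-}" = "--run" ]; then
    configure_db
fi
```

RPM scriptlets are not meant to be interactive, so ship this as a file the customer runs as root after installation rather than calling it from `%post`.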
