[pca] Account security settings

Fred fchagnon at gmail.com
Mon May 9 18:47:34 CEST 2011


I'm looking at setting up a pca proxy. On the client side, I have the config
file referencing the webserver CGI for patches, xref file and pcafile. It's
all working great.

On the server side, my pca-proxy.conf specifies where patches are cached, as
well as a wgetproxy necessary for external access, and for now, it's using
my MOS account. But this needs to change. My concern is regarding the MOS
username and password, and where to specify it. The patching process will be
used by many sysadmins, all of whom have their own MOS accounts (all
licensed under the corporate CSI).

Ideally, I would like the sysadmin running the pca client to use the -a
argument so that he/she is prompted for the MOS credentials interactively,
but doing this doesn't seem to send the credentials to the proxy server.
Rather, the client tries the proxy and it returns a 401 unauthorized error.
The client then proceeds to authenticate directly against
getupdates.oracle.com. In my environment, hosts don't have access to the big
band Internet, so these attempts will fail.

So I'm resigned to think that I must have an MOS account user and passwd
configured within the /etc/pca-proxy.conf file on the server side. All out
admins have access to the servers. so the problem here is I don't think I'll
get someone to volunteer to have their MOS account's password written in
cleartext on the proxy host's filesystem.

What other options do I have?

-- 
Fred Chagnon
fchagnon at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.univie.ac.at/pipermail/pca/attachments/20110509/d6df6908/attachment.html>


More information about the pca mailing list