[prev in list] [next in list] [prev in thread] [next in thread]
List: openser-users
Subject: Re: [SR-Users] Presence of plain text username and password in kamailio.cfg
From: Ahmed Marsou <amarsou1988 () gmail ! com>
Date: 2020-11-19 11:26:14
Message-ID: CAAhbnhy_k80Kk_=NP0irCje_6RzC=bDJRx8EbEMBtqZAJc8zhQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Yes, in fact using API is the better way, but I need time to do it.
Finaly I add on kamailio.service a post and pre execution task that give
rights just on strat process.
Thank you so much to evrybody.
El jue, 19 nov 2020 a las 12:13, Olle E. Johansson (<oej@edvina.net>)
escribió:
> It is an interesting proposal to find a way for Kamailio to fetch external
> credentials in run-time,
> not having them in clear text in config files. Like integration with
> hashicorp vault or something.
>
> /O
>
> On 18 Nov 2020, at 15:50, Ahmed Marsou <amarsou1988@gmail.com> wrote:
>
> Thank you so much, David and Alexandru.
> I'm not sure but i read something about reading the config from my.cnf
>
> http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp419
>
> The problem is that my.cnf, have 600 permission and I'm running kamailio
> with user kamailio, so the question is,
> There is a way to read this file as root on startup but run kamailio as
> kamailio?
> The option AWS Parameter Store, is something related to amazon, right?
>
> Tank you so much.
>
> El mié., 18 nov. 2020 a las 15:29, David Villasmil (<
> david.villasmil.work@gmail.com>) escribió:
>
>> I just get the params from AWS Parameter Store and pass it to Kamailio on
>> startup. Downsize is you can see them in "ps".
>>
>> On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <568691@gmail.com>
>> wrote:
>>
>>> Alternative way is to use unixodbc, but it just means you put the
>>> password into another file.
>>>
>>> ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi <568691@gmail.com>:
>>>
>>>> Don't use databases. Create an API and use it to access the data you
>>>> need. Won't work for every possible usage, but in general API-driven
>>>> SIP-routing is very possible with Kamailio, especially with KEMI.
>>>>
>>>> ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou <amarsou1988@gmail.com>:
>>>>
>>>>> Hi;
>>>>> I want to remove all plain text usernames an passwords from
>>>>> kamailio.cfg file. Like modparam("auth_db", "db_url", "dbdriver://
>>>>> username:password@dbhost/dbname")
>>>>> or this modparam("sqlops","sqlcon","ca=>dbdriver://username:password
>>>>> @dbhost/dbname")
>>>>> Can you help me with some ideas of how can I handle that?
>>>>> Thank you.
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users@lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>
>>>>
>>>> --
>>>> Alexandru Covalschi
>>>> VoIP engineer and system administrator
>>>> tel: +37367398493
>>>>
>>>>
>>>
>>> --
>>> Alexandru Covalschi
>>> VoIP engineer and system administrator
>>> tel: +37367398493
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> --
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work@gmail.com
>> phone: +34669448337
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr">Yes, in fact using API is the better way, but I need \
time to do it. <br>Finaly I add on kamailio.service a post and pre execution task \
that give rights just on strat process. <br>Thank you so much to \
evrybody.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El \
jue, 19 nov 2020 a las 12:13, Olle E. Johansson (<<a \
href="mailto:oej@edvina.net">oej@edvina.net</a>>) escribió:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;">It is an \
interesting proposal to find a way for Kamailio to fetch external credentials in \
run-time,<div>not having them in clear text in config files. Like integration with \
hashicorp vault or something.</div><div><br></div><div>/O<br><div><br><blockquote \
type="cite"><div>On 18 Nov 2020, at 15:50, Ahmed Marsou <<a \
href="mailto:amarsou1988@gmail.com" target="_blank">amarsou1988@gmail.com</a>> \
wrote:</div><br><div><div dir="ltr"> Thank you so much, David and Alexandru. \
<div>I'm not sure but i read something about reading the config from \
my.cnf</div><div><br></div><div><a \
href="http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp419" \
target="_blank">http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp419</a><br></div><div><br></div><div>The \
problem is that my.cnf, have 600 permission and I'm running kamailio with user \
kamailio, so the question is, </div><div>There is a way to read this file as root on \
startup but run kamailio as kamailio?</div><div>The option AWS Parameter Store, is \
something related to amazon, right?</div><div><br></div><div>Tank you so \
much.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El \
mié., 18 nov. 2020 a las 15:29, David Villasmil (<<a \
href="mailto:david.villasmil.work@gmail.com" \
target="_blank">david.villasmil.work@gmail.com</a>>) \
escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">I just \
get the params from AWS Parameter Store and pass it to Kamailio on startup. Downsize \
is you can see them in "ps".</div><div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <<a \
href="mailto:568691@gmail.com" target="_blank">568691@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Alternative way is to use unixodbc, but it just means you put the password \
into another file.</div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi <<a \
href="mailto:568691@gmail.com" \
target="_blank">568691@gmail.com</a>>:<br></div></div><div \
class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Don't use databases. Create an API and use it to access the data you \
need. Won't work for every possible usage, but in general API-driven SIP-routing \
is very possible with Kamailio, especially with KEMI.</div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 18 нояб. 2020 г. в \
11:32, Ahmed Marsou <<a href="mailto:amarsou1988@gmail.com" \
target="_blank">amarsou1988@gmail.com</a>>:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi;<div>I want to remove all plain \
text usernames an passwords from kamailio.cfg file. Like \
modparam("auth_db", "db_url", "dbdriver://<span \
style="background-color:rgb(241,194,50)">username:password</span>@dbhost/dbname")</div><div>or \
this
modparam("sqlops","sqlcon","ca=>dbdriver://<span \
style="background-color:rgb(241,194,50)">username:password</span>@dbhost/dbname")</div><div>Can \
you help me with some ideas of how can I handle that?<br>Thank you.<br></div></div> \
_______________________________________________<br> Kamailio (SER) - Users Mailing \
List<br> <a href="mailto:sr-users@lists.kamailio.org" \
target="_blank">sr-users@lists.kamailio.org</a><br> <a \
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" \
target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br> \
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Alexandru Covalschi<br><div>VoIP \
engineer and system administrator<br>tel: \
+37367398493<br><br></div></div></div></div></div></div></div> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr">Alexandru Covalschi<br><div>VoIP engineer and system \
administrator<br>tel: +37367398493<br><br></div></div></div></div></div></div></div> \
_______________________________________________<br> Kamailio (SER) - Users Mailing \
List<br> <a href="mailto:sr-users@lists.kamailio.org" \
target="_blank">sr-users@lists.kamailio.org</a><br> <a \
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" \
target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br> \
</blockquote></div></div>-- <br><div dir="ltr"><div \
dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a \
href="mailto:david.villasmil.work@gmail.com" \
target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: \
+34669448337</div></div></div> _______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" \
target="_blank">sr-users@lists.kamailio.org</a><br> <a \
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" \
target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br> \
</blockquote></div> _______________________________________________<br>Kamailio (SER) \
- Users Mailing List<br><a href="mailto:sr-users@lists.kamailio.org" \
target="_blank">sr-users@lists.kamailio.org</a><br><a \
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" \
target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br></ \
div></blockquote></div><br></div></div>_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" \
target="_blank">sr-users@lists.kamailio.org</a><br> <a \
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" \
target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br> \
</blockquote></div></div>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic