Red Hat Bugzilla – Bug 828498
[RFE] Remove hard coded postgres password in /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp
Last modified: 2013-09-19 16:54:06 EDT
The /usr/share/aeolus-configure/modules/aeolus/manifests/conductor.pp file contains the password for the aeolus postgres user.
Perhaps a better method is to regenerate the password on the fly so that it's not always hard-coded.
BZ 805436 seemed related to this, but perhaps this BZ is more specific.
There are (at least) two appropriate usages here that need to be taken into account:
a) Secure environment use (ie production environment)
This will need the password randomized when a server
is brought up. Probably suited to aeolus-configure.
The randomized password also _must not_ be viewable
in a world readable file.
b) Fast and easy use (ie personal developers desktop)
Having to manually look up the newly generated password
each time aeolus-configure is run, could be a pain
Having an easy way to get the randomized password
into .pgpass for developers will probably take care
of this though. (once per configure run)