On 10/02/2012 04:19 PM, Martijn van Oosterhout wrote:
> - Punt. Check in the password but set the access controls so it only
> work for very few IPs, then you only need to worry about people who
> can log into *those* machines. Which is controlled by public SSH
> keys which you can check-in safely. Not super safe, but for
> read-only accounts for e.g. nagios might be ok.
I think this is the right answer for us. :) I'll just go through each
specialized user we have now (replication, performance metrics, slony)
and make IP->IP locked-down cases for all of them.
It just feels wrong, somehow. :)
Thanks again, everyone!
--
Shaun Thomas
OptionsHouse | 141 W. Jackson Blvd. | Suite 500 | Chicago IL, 60604
312-444-8534
sthomas@optionshouse.com
______________________________________________
See http://www.peak6.com/email_disclaimer/ for terms and conditions related to this email