Is it possible to store MONUSER's password in encrypted form instead of default plaintext?

Solution In Progress - Updated -

Issue

In oracle resource agent the MONUSER is used to perform "low privilege query" during monitoring operation. MONUSER creates a minimal-privileged database account that can access the DB frequently for monitoring operations without triggering a log message to /var/log/audit/audit.log as accesses by the sysdba account would do.

The MONUSER credentials, specifically the password, are stored in clear text by the cluster, which might be considered violation of security protocols. Even though it is designed to be a minimally privileged account, some organizations have policies prohibiting plain text passwords outright.

Environment

  • Red Hat Enterprise Linux 7
  • resource-agents-3.9.5-105.el7.x86_64 or older

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content