Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Enhancement MAR-168 Mandate use of unix socket authentication for the root user in database_server role
Go to the next issue (open or closed)
Go to the next open issue
There are no more issues in that direction.
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Enhancement
  • Category
    Security
  • Targetted for
    5.0.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    3 hours
  • Time spent
    5 hours
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

The database_server role currently uses password-based authentication for the root user, limiting authentication to localhost. Since the database_server is only ever used from the same server, though, it would be beneficial to get rid of password-based authentication for the root user, and to rely on the unix socket authentication instead.

This would both reduce number of passwords used, as well as make the root database user logins safer (since it would prevent other processes from logging-in as root user provided they can guess the password).

The following should be done:

  • Update the database_server role.
    • Drop the db_root_password parameter.
    • Switch to using the unix socket authentication for the root user.
    • Make sure the user is set-up correctly and that the root user cannot login without providing any kind of credentials/authentication.
    • There is also a TODO entry in the role tasks that should be taken care of.
  • Update tests. Pay attention to tests for roles that use the database_server role directly/indirectly.
  • Update test site configuration.
  • Update usage instructions.
  • Update role reference.
  • Update release notes.
Todos (0 / 0)
There are no comments