For internal IRIS accounts like Admin, _system, etc., could we incorporate some mechanism to use encryption keys for authentication instead of using passwords?
We have written a couple of shell scripts that log in via Terminal and execute EnableConfigItem to control stop/start via the cron scheduler on our systems.
Those shell scripts currently have the password hardcoded within them, and we have been tasked by our Security Audit to limit access to those passwords.
So what better to use than an encryption key, that just has to be regulated a couple of times a year instead of having to update the password in multiple scripts/locations, and no one can read the key to find out the password.
Thank you for submitting the idea. Based on information from our experts the status of your idea was changed to "Will not implement". Please look for details in the comments on the idea. Good luck!
Dear @Guest! Thank you for your idea. After a thorough investigation it was decided not to implement it at this time. Following is the comment by the product management team:
Those encryption keys are very long. Because of this the typical response is to store them somewhere and retrieve them. That will expose an otherwise highly protected component. (The future wallet might satisfy this need, but needs more research).
Scott Roth, you have a comment on your idea. Please answer it to help your idea to be promoted.
Actually, if you are saying you are only using it with scripts, it has to be done by using
SSH with keys + OS authentication in IRIS,
optionally set irissession as shell for the user
In this case, the user will log in to the server using the key and will sign in automatically with the required access.
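
The approach in the last comment, applied to the cron scripts from the original post, as an added example that is not from either poster or from InterSystems. It assumes OS authentication is enabled for the terminal service and that the cron user maps to an IRIS user with the needed role; the instance name, namespace, item name and script path are placeholders.

```sh
#!/bin/sh
# Added example (not from the thread): stop/start a production item from cron
# with no password stored in the script.
# Assumptions: OS authentication is enabled for the terminal service, the cron
# user maps to an IRIS user holding the needed role, and the instance and
# namespace names below are placeholders.
INSTANCE="${IRIS_INSTANCE:-IRIS}"
NAMESPACE="${IRIS_NAMESPACE:-PROD}"
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the pattern below

# Accept only plain item names, so an argument cannot close the quoted
# ObjectScript string or add a second command line.
valid_item() {
  case "$1" in
    ''|*[!A-Za-z0-9_.\ -]*) return 1 ;;
  esac
  return 0
}

# Print the ObjectScript lines to feed to the session.
build_commands() {
  valid_item "$1" || { echo "invalid item name" >&2; return 2; }
  case "$2" in
    0|1) ;;
    *) echo "enable flag must be 0 or 1" >&2; return 2 ;;
  esac
  printf 'set sc=##class(Ens.Director).EnableConfigItem("%s",%s,1)\n' "$1" "$2"
  printf '%s\n' 'if $system.Status.IsError(sc) do $system.Status.DisplayError(sc)'
  printf '%s\n' 'halt'
}

# Pipe the commands to irissession; it signs in as the OS user running the
# job, so no credentials appear in the script, its arguments or stdin.
toggle_item() {
  cmds="$(build_commands "$1" "$2")" || return 2
  printf '%s\n' "$cmds" | irissession "$INSTANCE" -U "$NAMESPACE"
}

# Runs only when called with two arguments, for example from crontab:
#   0 22 * * * /path/to/toggle_item.sh "My.Inbound.Service" 0
if [ "$#" -eq 2 ]; then
  toggle_item "$1" "$2"
fi
```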