What to do if we can't use a plain-text password for Zabbix server to connect to MySQL
Could you elaborate a bit, are you saying there is a company policy or similar issue which does not permit it? Are you saying it does not work?
If it's policy, do they realize that if someone can get access to the config and/or zabbix account they can also get access to the database, no matter how you connect to it?
Also, you can limit MySQL connections to localhost so that knowing the password will not help someone external.
There are other options in PostgreSQL such as "peer" (though I have not tried to see if that works with Zabbix).
Yes, it is a company policy, since we need to configure a plain-text password in the Zabbix server configuration file so that the server can work, which is not allowed.
We are not going to use other databases as well.
Any ideas? Can we encrypt the password? How should we do it?
Perhaps someone else can answer. Doing a search for encrypt, password and mysql yields a lot of results, but whether any will satisfy you I do not know.
But here's the thing... as applied, the policy is stupid. If it's possible in a config file to store an encrypted password and have it accepted, then it's also possible if someone finds out that encrypted password to use it -- at least to the extent they could use a clear text one.
Encrypting helps when you are trying to prevent interception across a transmission medium, so if you had Zabbix sending that password (say) to an agent. But in this case it's in a file and used to access the localhost version of MySQL. Anyone or anything that intercepts that is equally able to intercept AND USE the encrypted one, because they already have at least the privileges of zabbix.
I understand the policy; believe me, I've created a lot of dumb ones as management in the past to satisfy COBIT/SOX/PCI/etc. So it may be you cannot do anything about the policy. But you might at least consider taking a run at explaining that MySQL is locked down so it cannot be used WITH the password if it was found out (e.g. only allowed from localhost).
But perhaps someone else can tell you if there's a way to do what you want.
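As an added illustration of the localhost lock-down suggested in this thread (not code from any poster or from the Zabbix project), this Python sketch audits whether a leaked `DBPassword` would be usable from another host. The function names, finding wording and sample inputs are constructed assumptions; `DBHost`, `DBUser` and `DBPassword` are Zabbix server parameters, and `bind-address` and `skip-networking` are MySQL options.

```python
import stat

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_kv(text):
    """Parse key=value lines (zabbix_server.conf / my.cnf style), skipping comments and [sections]."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, _, value = line.partition("=")
        out[key.strip().lower().replace("_", "-")] = value.strip()
    return out

def audit(zabbix_conf, conf_mode, my_cnf, accounts):
    """Return findings; accounts is a list of (user, host) rows as stored in mysql.user."""
    findings = []
    zbx, mysql = parse_kv(zabbix_conf), parse_kv(my_cnf)
    # DBHost falls back to localhost when it is not set
    if zbx.get("dbhost", "localhost") not in LOOPBACK:
        findings.append("DBHost is remote: the password is sent over the network")
    # Any permission bit for "other" lets accounts outside owner/group read the password
    if stat.S_IMODE(conf_mode) & 0o007:
        findings.append("config file accessible to users outside owner/group")
    # skip-networking disables TCP entirely; otherwise mysqld must be bound to loopback
    if "skip-networking" not in mysql and mysql.get("bind-address") not in LOOPBACK:
        findings.append("mysqld is not bound to loopback")
    for name, host in accounts:
        if name == zbx.get("dbuser") and host not in LOOPBACK:
            findings.append(f"account {name}@{host} can log in from other hosts")
    return findings

# Constructed sample inputs (placeholder password, not real data)
ZBX_CONF = "DBHost=localhost\nDBName=zabbix\nDBUser=zabbix\nDBPassword=CONSTRUCTED-PLACEHOLDER\n"
WEAK = audit(ZBX_CONF, 0o644, "[mysqld]\nbind-address = 0.0.0.0\n", [("zabbix", "%")])
HARDENED = audit(ZBX_CONF, 0o640, "[mysqld]\nbind-address = 127.0.0.1\n", [("zabbix", "localhost")])

if __name__ == "__main__":
    for finding in WEAK:
        print("weak setup:", finding)
    print("hardened setup findings:", HARDENED)
```

With the hardened inputs the password still sits in the file, but it is only usable by something already running on the Zabbix host with read access to that file.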