Ad Widget

Collapse

Zabbix agent postgres authentication: Client certificates

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • arny31380
    Junior Member
    • Nov 2020
    • 2
    #1

    Zabbix agent postgres authentication: Client certificates

    Hi,

    Storing the Zabbix credential (login/password) into template_db_mysql.conf is not so secure.
    Could it be possible to use the SSL client certificates method ?
    Regards.
    Tags: None
    • Hamardaban
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • May 2019
      • 2713
      #2
      https://www.zabbix.com/documentation..._encrypt/mysql ???

        Comment

        • arny31380
          Junior Member
          • Nov 2020
          • 2
          #3
          Yes Hamardaban his is how to secure in-transit connection but this is not my issue. My main concern is the authentication.

          Today the only way to authenticate the Zabbix postgres agent is basic authentication (login/password) stored into the template_db_mysql.conf

          Is there a possibility to request for a improvement by adding more authentication method like client certificates (massively used by machine to machine interfaces) ?

          Using client certificates prevent from storing user credential into flat files, the security is then increased.
          Regards.

            Comment

            • cyber
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • Dec 2006
              • 4807
              #4
              If you read carefully, it does not say you have to put those credentials in that file ...

              #For OS Linux: You need create .my.cnf in zabbix-agent home directory (/var/lib/zabbix by default)
              #The file must have three strings:
              #[client]
              #user='zbx_monitor'
              #password='<password>'

              So you can restrict access to required my.cnf file, just as well as to any other file in server...

              You are welcome also to make those UserParameters work with your desired authentication method. I guess some help would be from the page Hamardaban linked...

                Comment

                Previous template Next
                Working...