Using PAM for authentication breaks monit cli unless you put root's password in monit config
Issue #119
closed
Ideally I'd like something like this to work: set httpd port 2812 and allow localhost allow @group1 allow @group2
Currently I can only get monit cli to work in conjunction with PAM authentication if I do this: set httpd port 2812 and allow root:password allow @group allow @group2
It's not ideal to put a cleartext root password in a config file even if it has 600 permissions.
Update: I just realized a password hash works which is better but still not ideal.
Comments (3)
-
-
repo owner - changed status to closed
You do not have to add the root password in
.monitrc
any username/password will do. It is just that Monit requires at least one clear-text password to be able to connect from the client to the Monit daemon. -
repo owner - removed version
Removing version: 5.9 (automated comment)
- Log in to comment
[off] It is very dangerous to have root password. Please consider deleting it from
/etc/shadow
and adding your normal user to the sudo group.