CARP / HASYNC : password in cleartext in .xml
Is it normal to have the password for HASYNC written in cleartext in the .xml backup file (<hasync> section) ?
I know that I can encrypt the whole, but I expected at least a hash of the password.
The primary node has to log into the secondary for XMLRPC sync so it needs to know the cleartext.
You can create a user specifically for XMLRPC sync by making a user with only the
System - HA node syncprivilege if you want to compartmentalize that password's scope.
This doesn't specifically mention the HA XMLRPC sync function but the same information applies there.
Great answer. That is what I was looking for : a limited privilege account.
I will try this soon.
Best Regards (and Merry Xmas to all)