[ZBXNEXT-3777] Central management for PSK and identities through the gui Created: 2017 Apr 05 Updated: 2020 Jul 03 |
|
| Status: | Open |
| Project: | ZABBIX FEATURE REQUESTS |
| Component/s: | Documentation (D), Frontend (F) |
| Affects Version/s: | 3.2.4 |
| Fix Version/s: | None |
| Type: | New Feature Request | Priority: | Minor |
| Reporter: | Wolfgang Alper | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 6 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Zabbix 3.2 and above |
||
| Issue Links: |
|
||||||||
| Description |
|
Starting with Zabbix version 3.0, one can encrypt communication between zabbix server/proxies and agents/cmd tools using a PSK. This requires a unique identity string per host. When using different PSK/Identities, it would make management more easy, if there would be a central place to mange the identies and have a sort of dropdown or similar to select those unassigned identities within the host configuration. Also, currently one can setup the same identity with different PSKs across multiple hosts, which is a misconfiguration. Maybe there could be a check to warn the user if an identity already exists, but with a different PSK (or maybe an internal item that checks for integrity). Currently, the only way to get an overview for used identities is to query the database: select h.host, h.tls_accept, h.tls_psk, h.tls_psk_identity from hosts as h where h.tls_psk_identity != '' |
| Comments |
| Comment by Wolfgang Alper [ 2017 Apr 05 ] |
|
One note: The Server log shows a misconfiguration. Example: |