Policy run scripts "security"

rstasel
Valued Contributor

Hi All,

Curious about whether a client machine caches scripts that it's told to run, or are they just handled at runtime by the jamf binary?

Basically:
Do I want the client to talk directly to our asset management system and have credentials within the script for that to happen, or
Do I want to have the client just pass along its serial to a gateway server that holds those credentials (client passes along serial via curl, webserver then queries the asset management system, retrieves info, then passes that info back to the client)?

The concern is that our system doesn't have the ability to have a read-only API account. So any credentials put in the script could theoretically allow more access than is needed.

Thanks!
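The gateway option described in the post, sketched as an added example (not part of the original post and not Jamf or vendor code): the privileged credential stays on the server, the serial is validated before use, and only an allow-list of fields is returned, which approximates a read-only account. The serial format, field names, and the in-memory `_SAMPLE_ASSETS` stand-in for the asset management system are assumptions.

```python
import json
import re
from urllib.parse import parse_qs

SERIAL_RE = re.compile(r"[A-Z0-9]{8,14}")  # assumed serial format
ALLOWED_FIELDS = ("asset_tag", "assigned_user", "department")  # hypothetical names

# Constructed stand-in for the asset management system. In a real gateway this
# function would call that system with the privileged credential, loaded on
# the server (environment or secret store), never shipped in a policy script.
_SAMPLE_ASSETS = {
    "C02XK0AAJG5H": {"asset_tag": "LT-0042", "assigned_user": "jdoe",
                     "department": "Finance", "purchase_cost": "2399.00",
                     "admin_notes": "constructed sample"},
}

def fetch_asset(serial):
    return _SAMPLE_ASSETS.get(serial)

def handle_lookup(serial, fetch=fetch_asset):
    """Return (status, body) for one serial lookup."""
    if not isinstance(serial, str) or not SERIAL_RE.fullmatch(serial):
        return 400, {"error": "invalid serial"}
    try:
        record = fetch(serial)
    except Exception:
        return 502, {"error": "lookup failed"}  # no upstream detail to client
    if record is None:
        return 404, {"error": "unknown serial"}
    # Drop every field that is not explicitly allow-listed.
    return 200, {k: record[k] for k in ALLOWED_FIELDS if k in record}

def app(environ, start_response):
    """WSGI entry point: GET /?serial=... is the only operation exposed."""
    if environ.get("REQUEST_METHOD") != "GET":
        status, body = 405, {"error": "read-only gateway"}
    else:
        qs = parse_qs(environ.get("QUERY_STRING", ""))
        status, body = handle_lookup(qs.get("serial", [""])[0])
    payload = json.dumps(body).encode()
    start_response(f"{status} {'OK' if status == 200 else 'Error'}",
                   [("Content-Type", "application/json"),
                    ("Content-Length", str(len(payload)))])
    return [payload]

if __name__ == "__main__":
    print(handle_lookup("C02XK0AAJG5H"))
    print(handle_lookup("C02XK0AAJG5H; rm -rf /"))
```

A serial number is an identifier, not a secret, so this sketch still needs a network or client-authentication control in front of it to limit who can query the gateway.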
