On Wed, May 10, 2006 at 04:32:47PM -0500, Brendan Strejcek wrote: > > Possible alternatives would be for the cfagent script to contain some > > other method of distribution. A web server on the central server and > > having the cfagents do 'HTTP PUT' would likely work, for instance. scp > > with restricted shell perhaps. > I like ssh command key services. I'd suggest a script that does a HTTP POST to a CGI that puts the key in the proper place, or if the data is sensitive then do it over https or ssh w/forced commands. The CGI would then be responsible for publishing the key to the appropriate place for cfe to pick it up. The trick with ssh w/forced commands is distributing the ssh key to allow the user to log in.
-Jason Martin -- Useless Invention: Waterproof sponge. This message is PGP/MIME signed.
pgpqWvU1WbQvp.pgp
Description: PGP signature
_______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org http://cfengine.org/mailman/listinfo/help-cfengine
