Aaron wrote: [snip] > I guess I'm looking for suggestions on how to deal with the mess. It > seems like the obvious solution is migrating to LDAP or some kind of > equivalent. That seems daunting because I don't know how I would ever > manage a seamless transition on such a complex production network where > extended downtime is unacceptable. Perhaps after consolidating all of > the cfengine passwd files, I could enter everything into an LDAP server > and then export from LDAP to a few distinct passwd files (based on > security requirements) and then push those out with cfengine. You can > probably tell I'm grasping at straws here.
Just be careful with LDAP login authentication; I've seen a server where if the LDAP subsystem falls over, you can't log in as root on the console. Its an obsolete system so I'm not going to be fixing it, but when LDAP fails its not good. Time to give it the three-fingered salute and hope that LDAP does run ok after a reboot. Disclaimer: I didn't set this up. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org http://cfengine.org/mailman/listinfo/help-cfengine
