On Thu, 16 Jun 2011 21:15:23 +0200 (CEST) debheller wrote: n> For this particular exercise, I think we'll do this outside of n> cfengine with an expect script... For a one-time change, cfengine is n> probably not the right tool in this particular case.
At $(work) we use cfengine with an external tool to manage host properties like this (the configuration for the whole thing is pulled via Git over HTTPS). So we call the tool from cfengine using the module protocol, get variables for whatever is needed, and proceed happily. Password hashes, then, would be just another host property we distribute along with things like "owner=X" and "colo=Y". Oh, and if I was editing the root password, I'd do it on another account with uid 0 (and make sure access.conf allows that account to login :) Ted _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
