Other than the occasional password hash I can't think of anything that private that would require such drastic measures. In the case of passwords configuration, a centralized authority, such as Kerberos, would the better approach. Barring that, I might have the policy copy only local secrets to target clients rather than in bulk. So a local crack will only affect that host which is already lost.
-- Neil Watson Linux/UNIX Consultant http://watson-wilson.ca _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
