On Tue, Sep 21, 2010 at 09:43:26AM +1000, Daniel Pittman wrote:
> > I read up on user and group creation and ssh key distribution. The only
> > thing I can't wrap my head around is how I should handle passwords.
> 
> I would strongly advise that you deploy an LDAP-backed PAM and NSS system,
> rather than trying to do all this locally.  While it introduces another
> dependency into your boot process and network, it substantially reduces the
> complexity of doing all this.

I absolutely second this.  Puppet modules to integrate LDAP into PAM and
nsswitch are trivial to write, moving all the complexity into the LDAP
servers (which aren't really that complex and can be made robust with
little effort).  Without centralised authentication, managing users
across a large number of systems is asking for trouble unless the number
of users is small and there is little variation in their configuration.

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, "Doctor Mirabilis"
