On Sep 22, 2010, at 1:56 PM, Radek wrote: > I chose to manage users with puppet. The only thing I did not like was > password management. I did not want to put user's password in the > manifest files. Instead I execute two commands when a user is created > (only once): set an empty password (usermod -p '"" username) and set > the password to expired (chage -d 0 username). This will force the > user to set the password with the first login. I also place user's ssh > key with ssh_authorized_key (I store the public keys in the manifests) > and disable password logins on the box.
Centralized user management is usually worth the effort, but even if you don't do that, you should probably pick a default password that isn't blank. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
