I have the same issue (using Likewise Open) and even remember
discussing this briefly with Jeff (Puppetcamp in Belgium). I still
could not find a perfect solution.

Likewise Open takes care of the k5login Kerberos file when creating the
homedir. If the folder already exists because Puppet created it,
LWopen won't do anything and you won't be able to log in using SSO.
There could be more reasons to let LWopen create the folder, but this
is one I can remember now...

2 approaches I've seen in the past were:

Option 1 - Deploy all public keys to a directory and deploy a script
that runs regularly to place the keys in the home dir .ssh folder when
they are created (works but ugly).

Option 2 - Change the sshd_config file to use a centralized
alternative path for the users' "AuthorizedKeysFile" to the
"/etc/ssh/keys/%u" folder. I believe this is the best choice but
unfortunately, when I tested this I discovered that RH/CentOS stock
SSHd was not working with this option. YMMV

Cheers,
Marcello

On Fri, Apr 22, 2011 at 1:00 AM, Jeff McCune <j...@puppetlabs.com> wrote:
> On Thu, Apr 21, 2011 at 3:41 PM, Corey Osman <co...@logicminds.biz> wrote:
>> Here is my situation:
>>
>> 1. We use Active Directory (LDAP) to store all user info, which is retrieved
>> from Linux
>> 2. A home directory is not created until the first time the user logs into
>> the Linux system
>>
>>
>> I am using the ssh_authorized_key type to push out my ssh keys to every
>> system.  However, because I haven't logged into every system at least once,
>> Puppet errors out due to a missing home directory when trying to create the
>> authorized_keys file.  The simple remedy is to log in to the box and have the
>> home directory created (su - username).  However, I would like the
>> ssh_authorized_key type to not fail but just give a notice (home directory
>> does not exist, skipping); therefore the reports don't show errors and give
>> misleading errors in the reports.
>>
>> ssh_authorized_key{ "billys key":
>>                    ensure => present,
>>                    key => 'billys sshkey',
>>                    name => "super duper key",
>>                    type => ssh-rsa,
>>                    user =>"billy",
>>                    onlyif => "test -d /home/${user}"
>>                    }
>>
>> I am assuming that I can refer to the user with ${user} and that onlyif is a 
>> valid parameter.
>>
>> Is this possible?
>
> Wouldn't it be better to make sure the home directory does exist, as
> well as the ~/.ssh directory?
>
> This is often accomplished by creating a defined resource type to
> contain all of the resources you need to manage to give you access to
> the system.
>
> --
> Jeff McCune
> Professional Services, Puppet Labs
> @0xEFF
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
>
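
Option 2 from the reply above, wrapped in a defined resource type as the quoted message suggests; this is an added example, not code from the thread. The names `central_ssh_key` and `central_ssh_keys`, the service name `sshd`, the placeholder key string and the one-key-per-user layout are assumptions.

```puppet
# Hypothetical defined type: one root-owned key file per user under
# /etc/ssh/keys, so nothing depends on the home directory existing.
define central_ssh_key (
  $key,
  $type    = 'ssh-rsa',
  $comment = $title
) {
  # $title is the login name; sshd expands %u to the same value.
  file { "/etc/ssh/keys/${title}":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',   # user can read it, only root can change it
    content => "${type} ${key} ${comment}\n",
    require => File['/etc/ssh/keys'],
  }
}

class central_ssh_keys {
  file { '/etc/ssh/keys':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  # Point sshd at the central path (Option 2 above).
  augeas { 'sshd_authorized_keys_file':
    context => '/files/etc/ssh/sshd_config',
    changes => 'set AuthorizedKeysFile "/etc/ssh/keys/%u"',
    require => File['/etc/ssh/keys'],
    notify  => Service['sshd'],
  }

  service { 'sshd':   # assumed service name
    ensure => running,
    enable => true,
  }
}

include central_ssh_keys
central_ssh_key { 'billy':
  key => 'AAAAB3...constructed-placeholder...',
}
```

Because the key files are owned by root, users can no longer add or replace their own authorized keys; every change goes through the manifest.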
