Btw, you can probably let puppet manage the .k5login as well... It's just an extra small hassle.
On Fri, Apr 22, 2011 at 2:10 AM, Marcello de Sousa <li...@area151.com> wrote:
> I have the same issue (using Likewise Open) and even remember
> discussing this briefly with Jeff (Puppetcamp in Belgium). I still
> could not find a perfect solution.
>
> Likewise open takes care of k5login kerberos file when creating the
> homedir. If the folder already exists because puppet created it,
> LWopen won't do anything and you won't be able to login using SSO.
> There could be more reasons to let LWopen create the folder, but this
> is one I can remember now...
>
> 2 approaches I've seen in the past were :
>
> Option 1- Deploy all public keys to a directory and deploy a script
> that runs regularly to place the keys in the home dir .ssh folder when
> they are created (works but ugly)
>
> Option 2 - Change the sshd_config file to use a centralized
> alternative path for the users' "AuthorizedKeysFile" to
> "/etc/ssh/keys/%u" folder. I believe this is the best choice but
> unfortunately, when I tested this I discovered that RH/Centos stock
> SSHd was not working with this option. YMMV
>
> Cheers,
> Marcello
>
> On Fri, Apr 22, 2011 at 1:00 AM, Jeff McCune <j...@puppetlabs.com> wrote:
>> On Thu, Apr 21, 2011 at 3:41 PM, Corey Osman <co...@logicminds.biz> wrote:
>>> Here is my situation:
>>>
>>> 1. We use Active directory (LDAP) to store all user info which is retrieved
>>> from linux
>>> 2. A home directory is not created until the first time the user logs into
>>> the linux system
>>>
>>>
>>> I am using the ssh_authorized_key type to push out my ssh keys to every
>>> system. However, because I haven't logged into every system at least once.
>>> Puppet errors out due to a missing home directory when trying to create
>>> the authorized_keys file. The simple remedy is to login to the box and
>>> have the home directory created (su - username). However, I would like
>>> the ssh_authorized_key type to not fail but just give a notice. (home
>>> directory does not exist, skipping) therefore the reports don't show errors
>>> and give misleading errors in the reports.
>>>
>>> ssh_authorized_key{ "billys key":
>>>   ensure => present,
>>>   key => 'billys sshkey',
>>>   name => "super duper key",
>>>   type => ssh-rsa,
>>>   user =>"billy",
>>>   onlyif => "test -d /home/${user}"
>>> }
>>>
>>> I am assuming that I can refer to the user with ${user} and that onlyif is
>>> a valid parameter.
>>>
>>> Is this possible?
>>
>> Wouldn't it be better to make sure the home directory does exist, as
>> well as the ~/.ssh directory?
>>
>> This is often accomplished by creating a defined resource type to
>> contain all of the resources you need to manage to give you access to
>> the system.
>>
>> --
>> Jeff McCune
>> Professional Services, Puppet Labs
>> @0xEFF
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
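
The defined-type approach suggested in the thread, combined with Puppet writing the .k5login that Likewise Open skips when the home directory already exists, could look like the sketch below. This is an added example, not code posted by anyone in the thread; the define name `ad_user_access`, its parameters, the realm and the key value are hypothetical, and it assumes the AD user already resolves through NSS on the node so that `owner` can be set by name.

```puppet
# Added example, not from the thread. Define name, parameters, realm and
# key value are hypothetical placeholders.
define ad_user_access (
  $key,                    # base64 body of the user's public key
  $principal,              # Kerberos principal, e.g. 'billy@EXAMPLE.COM'
  $key_type  = 'ssh-rsa',
  $home_base = '/home'
) {
  $home = "${home_base}/${name}"

  # Pre-create the home directory so ssh_authorized_key has somewhere to write.
  file { $home:
    ensure => directory,
    owner  => $name,
    mode   => '0700',
  }

  # sshd's StrictModes check rejects keys under a group/world-writable ~/.ssh.
  file { "${home}/.ssh":
    ensure  => directory,
    owner   => $name,
    mode    => '0700',
    require => File[$home],
  }

  # Likewise Open will not write .k5login into an existing home directory,
  # so Puppet supplies it; one principal per line, owned by the user.
  file { "${home}/.k5login":
    ensure  => file,
    owner   => $name,
    mode    => '0644',
    content => "${principal}\n",
    require => File[$home],
  }

  ssh_authorized_key { "${name}-managed-key":
    ensure  => present,
    user    => $name,
    type    => $key_type,
    key     => $key,
    require => File["${home}/.ssh"],
  }
}

ad_user_access { 'billy':
  key       => 'AAAAB3NzaC1yc2E...constructed-placeholder...',
  principal => 'billy@EXAMPLE.COM',
}
```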