On 12/10/2012 04:47 PM, jcbollinger wrote:
> There are good, industry-standard approaches to centralized password management. You should really choose among those instead of rolling your own. One of the best-regarded is LDAP, and you could also consider NIS (just to name two). The former is more secure, but the latter is very easy to set up.
Since the current solution stores passwords in /etc/shadow, I assume that these passwords are for ssh only. If that's the case, the easiest and most secure way would be to enforce ssh key logins and distribute keys instead of passwords. Public keys could be updated without granting access to the puppet master.
If that's not the case, then LDAP is a way to go.

-- 
Jakov Sosic
www.srce.unizg.hr
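
The key-only approach suggested in this message, sketched as a Puppet manifest. This is an added example, not part of the original post or of any poster's setup; the class name, the user `alice`, the key body and the `sshd` service name are constructed placeholders, and the `augeas` resource assumes the Augeas sshd lens is available on the node.

```puppet
# Added example: distribute public keys and switch sshd to key-only logins.
# All names and the key body below are placeholders, not real values.
class ssh_key_only_access {

  # No usable password hash is shipped in the catalog or written to
  # /etc/shadow. '*' matches no password; it is used instead of '!'
  # because sshd can treat a '!' prefix as a locked account and refuse
  # key logins when UsePAM is off.
  user { 'alice':
    ensure     => present,
    managehome => true,
    password   => '*',
  }

  # Only the public half of the key pair is distributed, so the manifest
  # holds nothing that lets a reader log in as the user.
  ssh_authorized_key { 'alice@workstation':
    ensure  => present,
    user    => 'alice',
    type    => 'ssh-rsa',
    key     => 'AAAA_PLACEHOLDER_PUBLIC_KEY_BODY',
    require => User['alice'],
  }

  # Enforce key logins: disable password and keyboard-interactive
  # authentication, which would otherwise still be offered by sshd.
  augeas { 'sshd_key_only':
    context => '/files/etc/ssh/sshd_config',
    changes => [
      'set PubkeyAuthentication yes',
      'set PasswordAuthentication no',
      'set ChallengeResponseAuthentication no',
    ],
    notify  => Service['sshd'],
  }

  # Service name is an assumption; it is 'ssh' on Debian-family systems.
  service { 'sshd':
    ensure => running,
    enable => true,
  }
}
```

Apply it to a test node first and confirm a key login works in a second session before closing the first, since a missing or wrong key leaves no password fallback.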