Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: nba1314
Link to topic: https://cfengine.com/forum/read.php?3,22452,22569#msg-22569
Yesterday I was in the game to buy equipment, the result has been deceived many
Runescape Gold. Later, my friend told me
Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,22452,22498#msg-22498
Tokarski Boleslaw Wrote:
---
> The thing is: on some setups (particula
Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Cfengine Help: Updating shadow encrypted fields
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,22441,22496#msg-22496
My solution looks something like this:
I have a directory which contains a bunch of files like
/opt
On Thu, 16 Jun 2011 21:15:23 +0200 (CEST) debheller wrote:
n> For this particular exercise, I think we'll do this outside of
n> cfengine with an expect script... For a one-time change, cfengine is
n> probably not the right tool in this particular case.
At $(work) we use cfengine with an external
Forum: Cfengine Help
Subject: Re: Cfengine Help: Re: Cfengine Help: Updating shadow encrypted fields
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,22441,22487#msg-22487
I like your thinking. What you're describing wouldn't really work for my
particular hosts
Also thinking out loud.. Why not make use of the public keys that reside on
every host in order to store the password in host-specific files at some
common NFS location? I tried getting OpenSSL to work with cfengine's keys
(seeing as they're already stored on the cf-serverd host) but it steadfastl
Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,22441,22481#msg-22481
How long could it take someone to crack the hash, assuming it will be brute
force? How long until the next password
Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,22452,22478#msg-22478
B,
Thanks for your ideas! Your solution is very similar to one I was thinking
about, but it feels like it doesn't
Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,22441,22477#msg-22477
Neil, yes, it doesn't seem to matter if hashes are the same, or not.
But, it is thought that it is important not t
Okay, I've got your point. For DHCP clients, one needs to grant access
to files not IP/hostname based, but ppkey based. Sounds reasonable.
2011/6/15 Tokarski Boleslaw :
> Hello, Seva,
>
> I'll try to explain my arguments below.
>>
>> you're saying strange things. First of all, Cfengine will only
>
Hello, Seva,
I'll try to explain my arguments below.
> you're saying strange things. First of all, Cfengine will only
> authorize remote files copying if a client is known and matches its
> host key, so that a client can't grab somebody else's IP and get their
> files (because keys won't match).
W
Boleslaw,
you're saying strange things. First of all, Cfengine will only
authorize remote files copying if a client is known and matches its
host key, so that a client can't grab somebody else's IP and get their
files (because keys won't match).
Next, you can add encrypt => "true" to your copy_fr
Hello, deb,
We have a similar setup and this has bugged me for some time. We have
workstations to manage and their actual users have sudo rights, so there
is no way to forbid them to see the actual .cf files, so putting all the
hashes to one .cf file was not an option.
For your server setup, t
Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,22441,22449#msg-22449
The secret conundrum. To automate one must commit the secret to a record.
This is one of the instances that do not go
Forum: Cfengine Help
Subject: Re: Cfengine Help: Updating shadow encrypted fields
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,22441,22444#msg-22444
Aye, that would work, but... here's the conundrum - to ensure that we reset
the password locally on the client, we
> Is there a better way? Has someone already done this, and if so, would you
> be willing to share? I am not sure how to do this - It must be done only
> once, and since the encrypted string will be different on each host, you
> can't check for a static value that has been replaced on subsequ
Forum: Cfengine Help
Subject: Updating shadow encrypted fields
Author: debheller
Link to topic: https://cfengine.com/forum/read.php?3,22438,22438#msg-22438
Here's a bit of a brain-twister for y'all... Say, for example, you maintain a
very large group of Linux servers. All access by users account
17 matches
Mail list logo
