[Puppet Users] Re: set password of root

2009-05-06 Thread Chad Huneycutt
2009/5/6 Ryan Dooley : > > Chad Huneycutt wrote: >> I am not sure everyone is on the same page: >> >> 1. you don't want to have the root password (encrypted or not) showing >> up in the process listing of your clients. > > Well, this is a policy/philosophy issue.  The question is "what is an > acc

[Puppet Users] Re: set password of root

2009-05-06 Thread 骡骡
Thank you ! I find my problem ! I will modify the module with user type. On May 6, 9:54 pm, Chad Huneycutt wrote: > I have a couple of concerns about this (at least in my environment). > First, the root password would be clearly visible (not even crypted!) > In the process listing during execut

[Puppet Users] Re: set password of root

2009-05-06 Thread 骡骡
On May 6, 3:51 pm, 骡骡 wrote: > in 1st day of each month , change passwd of root. > > # vi /etc/puppet/modules/user/manifests/init.pp > > class user { > exec { "rootpw": > command => "/usr/sbin/usermod -p $rootpw root", > onlyif => "/usr/bin/test `/bin/dat

[Puppet Users] Re: set password of root

2009-05-06 Thread Ryan Dooley
Chad Huneycutt wrote: > I am not sure everyone is on the same page: > > 1. you don't want to have the root password (encrypted or not) showing > up in the process listing of your clients. Well, this is a policy/philosophy issue. The question is "what is an acceptable risk for your environment?"

[Puppet Users] Re: set password of root

2009-05-06 Thread Chad Huneycutt
I am not sure everyone is on the same page: 1. you don't want to have the root password (encrypted or not) showing up in the process listing of your clients. 2. even if you are generating the password on the master, it is going to show up in the yaml on the client, and if that is the case, it wou

[Puppet Users] Re: set password of root

2009-05-06 Thread Ryan Dooley
We sort of do this: we set a global $password in our site.pp. That $password is an MD5 string. My environment is currently all Linux. Then, in our base module we have: exec { "set-root-password": path => "/usr/sbin:/sbin", command => "/bin/echo root:$password | /usr/sbin/chpasswd -e" }

[Puppet Users] Re: set password of root

2009-05-06 Thread Evan Hisey
On Wed, May 6, 2009 at 2:25 PM, Bruce Richardson wrote: > > On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote: >> > >> > But it will still show up unencrypted in processlist. >> > >> Only on the puppetmaster server, and this would happen no matter how >> you generate the password encrypt

[Puppet Users] Re: set password of root

2009-05-06 Thread Bruce Richardson
On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote: > > > > But it will still show up unencrypted in processlist. > > > Only on the puppetmaster server, and this would happen no matter how > you generate the password encryption. Not true. There are several utilities that can read from st

[Puppet Users] Re: set password of root

2009-05-06 Thread Evan Hisey
On Wed, May 6, 2009 at 1:40 PM, Marcin Owsiany wrote: > > On Wed, May 06, 2009 at 09:24:41AM -0500, Evan Hisey wrote: >> openssl passwd -crypt $passwd > [...] >> encrypted password so it will go over the wire encrypted. It will now > > But it will still show up unencrypted in processlist. > > --

[Puppet Users] Re: set password of root

2009-05-06 Thread Marcin Owsiany
On Wed, May 06, 2009 at 04:02:54PM +0200, Bjørn Dyre Dyresen wrote: > 2009/5/6 Chad Huneycutt > > > > > I have a couple of concerns about this (at least in my environment). > > First, the root password would be clearly visible (not even crypted!) > > In the process listing during execution of th

[Puppet Users] Re: set password of root

2009-05-06 Thread Marcin Owsiany
On Wed, May 06, 2009 at 09:24:41AM -0500, Evan Hisey wrote: > openssl passwd -crypt $passwd [...] > encrypted password so it will go over the wire encrypted. It will now But it will still show up unencrypted in processlist. -- Marcin Owsiany http://marcin.owsiany.pl/ GnuPG: 1024D/

[Puppet Users] Re: set password of root

2009-05-06 Thread Bruce Richardson
On Wed, May 06, 2009 at 04:02:54PM +0200, Bjørn Dyre Dyresen wrote: > It's easy enough to just use sed in an exec to update the hash in shadow. I > agree that having a clear text root password floating around is a bad idea. > That would lead it to be in the manifests, in subversion, in syslog and >

[Puppet Users] Re: set password of root

2009-05-06 Thread Evan Hisey
On Wed, May 6, 2009 at 2:51 AM, 骡骡 wrote: > > in 1st day of each month , change passwd of root. > > # vi /etc/puppet/modules/user/manifests/init.pp > > class user { >exec { "rootpw": >command => "/usr/sbin/usermod -p $rootpw root", >onlyif => "/usr/bin/test

[Puppet Users] Re: set password of root

2009-05-06 Thread Peter Meier
Hi > It's easy enough to just use sed in an exec to update the hash in shadow. I > agree that having a clear text root password floating around is a bad idea. > That would lead it to be in the manifests, in subversion, in syslog and > probably in the yaml cache like Chad said. it's even easier t

[Puppet Users] Re: set password of root

2009-05-06 Thread Bjørn Dyre Dyresen
2009/5/6 Chad Huneycutt > > I have a couple of concerns about this (at least in my environment). > First, the root password would be clearly visible (not even crypted!) > In the process listing during execution of the usermod. Second, > similarly, the root password is stored in plaintext on the >

[Puppet Users] Re: set password of root

2009-05-06 Thread Chad Huneycutt
I have a couple of concerns about this (at least in my environment). First, the root password would be clearly visible (not even crypted!) In the process listing during execution of the usermod. Second, similarly, the root password is stored in plaintext on the puppetmaster. Actually, would that v

[Puppet Users] Re: set password of root

2009-05-06 Thread Robin Sheat
On Wed, 06 May 2009, 骡骡 wrote: > in 1st day of each month , change passwd of root. > exec { "rootpw": > command => "/usr/sbin/usermod -p $rootpw root", > onlyif => "/usr/bin/test `/bin/date -d now +%d` = '01'", Assuming you run puppet every 30 minutes, won'