On Thu, 16 Jul 2009, Aaron McCaleb wrote: > David, > > Cfengine, and in particular Cfengine3, will not provide a turnkey > solution for what you describe, which is why Ed prefaced this with "if > you look at this [as] a part of a larger opportunity". > > But Cfengine3 has so much more potential than simple maintenance of > system configs and software. It is better to think of Cfengine as an > autonomic system: > > http://en.wikipedia.org/wiki/Autonomic_system_(computing) > > It would require some thought, and maybe some supplemental scripts for > Cfengine to utilize, but it certainly should be possible to implement > a framework for accomplishing what you seek. > > The question is, after you finish, will you at least break even > compared to one year's expense for the commercial offerings you > described.
If I am having to develop the system myself, I can do it with something that's much simpler than cfengine, and doesn't require introducing cfengine on systems that other departments control. overall, I don't see how cfengine actually gains me anything. yes, if I was really trying to introduce cfengine I could possibly use this as a hook to try and drive it, but that would be questionable at least. David Lang > --Aaron > > On Thu, Jul 16, 2009 at 14:10, <[email protected]> wrote: >> On Thu, 16 Jul 2009, Ed wrote: >> >>> On Mon, Jul 13, 2009 at 12:12 PM, <[email protected]> wrote: >>>> I currently have a commercial tool that does root password management and >>>> am looking for other options (the maintinance price of this tool is in the >>>> 6-digits per year) >>>> >>>> the tool reaches out and changes the root passwords on the systems, and >>>> then has an sudited request/approve/release process for giving out the >>>> root password as needed (an then changing it afterwords) >>>> >>>> we use this for cases where our normal access methods (including sudo type >>>> things) don't work, so I'm not interested (at this time) in discussions on >>>> those types of tools, just tools that can change the root passwords >>>> periodicly and then release them to the sysadmins as needed. >>>> >>>> I know that thre are at least three companies doing commercial tools that >>>> do this >>>> >>>> Symark (Power Keeper) >>>> Quest >>>> and I'm forgetting the name of the third company (Symark's Power Keeper >>>> started off as a re-branding of this other company and now the codebase >>>> has forked) >>>> >>>> any suggestions (including open source options)? >>>> >>>> David Lang >>> >>> >>> David, >>> >>> If you look at this a small part of a larger opportunity, you might >>> give CFengine3 a look - the management of ID & certs is an important >>> part of its operation. You can start off free, and go pro if you >>> deploy. >>> >>> this isn't exactly a GUI app - fair warning,... err a promise (ever >>> heard of Promise Theory?) http://www.cfengine.org/ >> >> I know a little about cfengine, but I've never heard of CFengine being >> used to change root passwords on a machine, let alone any mechanism to >> issue the root password to users as needed and audit it. >> >> if I am wrong and cfengine has this sort of capability, please point me at >> it, but my understanding is taht cfengine is for building and maintaining >> system configs and software. >> >> David Lang >> _______________________________________________ >> Discuss mailing list >> [email protected] >> http://lopsa.org/cgi-bin/mailman/listinfo/discuss >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ >> > _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
