On Mon, 2019-10-28 at 13:12 -0400, Valdis Klētnieks wrote: > On Mon, 28 Oct 2019 14:02:57 -0000, "Oesterlin, Robert" said: > > Any by the way, stores a plain text password in the sssd.conf file > > just for good measure! > > Note that if you want the system to come up without intervention, at > best you can only store an obfuscated password, not a securely > encrypted one. >
Kerberos and a machine account spring to mind. Crazy given Kerberos is a Unix technology everyone seems to forget about it. Also my understanding is that in theory a TPM module in your server can be used for this https://en.wikipedia.org/wiki/Trusted_Platform_Module Support in Linux is weak at best, but basically it can be used to store passwords and it can be tied to the system. Locality and physical presence being the terminology used. JAB. -- Jonathan A. Buzzard Tel: +44141-5483420 HPC System Administrator, ARCHIE-WeSt. University of Strathclyde, John Anderson Building, Glasgow. G4 0NG _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
