On Sat, December 2, 2006 11:57 pm, Joshua Penix wrote: > On Dec 2, 2006, at 7:13 PM, Tracy R Reed wrote: > >> Sure, perhaps for just a few minutes but then it won't work on the >> system anymore because it won't match the key in the cfengine >> config which would overwrite whatever key they install. > > No no, the passphrase is stored as part of the user's private key. > Your cfengine scripts are only managing the public half of the keys, > right? The passphrase can be removed from the private key without > anything changing in the public key. >
Apropos of security, I have wondered why we don't generate our key and keyring (certificates, all those other things I don't really understand) on a finger drive that we carry with us on a loop around our neck. Commants? -- Lan Barnes Tcl/Tk Enthusiast SCM Analyst Linux Guy Biodiesel Brewer -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
