2009/5/6 Chad Huneycutt <[email protected]> > > I have a couple of concerns about this (at least in my environment). > First, the root password would be clearly visible (not even crypted!) > In the process listing during execution of the usermod. Second, > similarly, the root password is stored in plaintext on the > puppetmaster. Actually, would that variable be stored in each hosts > yaml cache? > > Puppet has a user type that I think would be much better. I haven't > done this yet, but assuming you have installed ruby-shadow package, > you just need to specify the crypted string. > > It's easy enough to just use sed in a exec to updatet the hash in shadow. I agree that having a clear text root passord floating around is a bad idea. That would lead it to be in the manifests, in subversion, in syslog and probably in the yaml cache like Chad said.
Regards --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
