On Wed, May 06, 2009 at 04:02:54PM +0200, Bj?rn Dyre Dyresen wrote:
> It's easy enough to just use sed in an exec to update the hash in shadow. I
> agree that having a clear text root password floating around is a bad idea.
> That would lead it to be in the manifests, in subversion, in syslog and
> probably in the yaml cache like Chad said.

Most Linux distributions include a utility called chpasswd, which can
read username/password pairs (with the password encrypted) from stdin.
It's reasonably secure (you could, for example, push out a file with 400
permissions and then feed it to chpasswd locally), respects login.defs
and is safer than simply running sed against the shadow file.

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, "Doctor Mirabilis"
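
Added example, not part of the original message: a pre-flight check for the approach described above, which refuses to feed a pushed file to chpasswd unless it has mode 400, the expected owner, and only pre-hashed `user:hash` lines. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; GNU stat is assumed.

# check_chpasswd_file FILE [OWNER_UID]
# Succeeds only if FILE is a non-empty regular file (not a symlink) with
# mode 400, owned by OWNER_UID (default 0, i.e. root), and every line is
# "user:hash" with the hash in crypt(3) "$id$..." form, so a cleartext
# password is rejected before it ever reaches chpasswd.
check_chpasswd_file() {
    file=$1
    owner_uid=${2:-0}

    if [ -L "$file" ] || [ ! -f "$file" ] || [ ! -s "$file" ]; then
        echo "refusing $file: not a non-empty regular file" >&2
        return 1
    fi
    if [ "$(stat -c '%a' "$file")" != "400" ]; then
        echo "refusing $file: mode is not 400" >&2
        return 1
    fi
    if [ "$(stat -c '%u' "$file")" != "$owner_uid" ]; then
        echo "refusing $file: not owned by uid $owner_uid" >&2
        return 1
    fi
    # Report only line numbers so hashes never end up in logs.
    awk -F: '
        NF != 2 || $1 !~ /^[a-z_][a-z0-9_-]*$/ || $2 !~ /^\$[0-9a-z]+\$./ {
            print "line " NR ": expected user:$id$hash" > "/dev/stderr"
            bad = 1
        }
        END { exit bad }' "$file"
}

# apply_chpasswd_file FILE: validate, then hand the pairs to chpasswd.
# -e tells chpasswd the passwords are already hashed. Needs root.
apply_chpasswd_file() {
    check_chpasswd_file "$1" || return 1
    chpasswd -e < "$1"
}
```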
