On Wed, Feb 2, 2011 at 10:52 AM, Ashley Gould <ago...@ucop.edu> wrote:
> On Mon, Jan 31, 2011 at 06:27:20PM -0800, Daniel Pittman wrote:
>> In the longer term I would hope to have that information pushed out
>> from the puppet system, so that if a node *should* be joined with
>> centrifyDC puppet will make it so, but until then what you have is
>> great.
>
> I have considered that option, but I'll need to learn to walk first.
> What makes it difficult for puppet to manage this task is that the
> centrifyDC tools require authorization as AD admin user to join a
> node to AD. This can be scripted, but I don't want to hardcode AD
> admin passwords into puppet manifests. Again, suggestions are very
> welcome.

Are you ok with keeping these credentials on disk at all? If so, you could feed the relevant join exec the data from local disk. Another alternative would be to set up an out-of-band process where the clients reuse their SSL certificates to make client-authenticated requests to a host that returns the relevant credentials only during the times when the node needs them.

> --
> -ashley
>
> Did you try poking at it with a stick?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
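
A sketch of the out-of-band credential host suggested in the reply above, as an added example that is not part of the original thread or of Puppet itself. It assumes each client certificate is signed by the Puppet CA and carries the node name as its CN; the hostnames, the `JOIN_WINDOWS` table and the `fetch_secret` callback are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample data: nodes an admin has approved for an AD join,
# mapped to the time the approval expires. Hostnames are hypothetical.
JOIN_WINDOWS = {
    "web01.example.com": datetime(2011, 2, 2, 12, 0, tzinfo=timezone.utc),
}

def server_context(ca_file, cert_file, key_file):
    """TLS context that refuses any client lacking a cert signed by ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def peer_common_name(peercert):
    """Extract the CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def release_credentials(peercert, now, windows, fetch_secret):
    """Return the join secret only to a verified node inside its window.

    fetch_secret is a caller-supplied (hypothetical) lookup, so the AD
    password lives neither in this code nor in a manifest. The window entry
    is consumed on success, making each approval single use.
    """
    cn = peer_common_name(peercert)
    if cn is None:
        return None
    expires = windows.get(cn)
    if expires is None or now >= expires:
        return None  # never approved, or the approval has lapsed
    del windows[cn]
    return fetch_secret(cn)
```

Logging every refused request on this host gives an audit trail of nodes asking for the join credential outside an approved window.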