How exposed are facts? Are there any means to collect resources from a client that I can make use of?
On Sunday, July 22, 2012 3:05:28 AM UTC-5, yersinia.spiros wrote: > > Are you sure that exposing a password hash by a fact is a sane thing > to do from a security point of view ? Too simple to mont a dictionary > attack, isn't ? > > 2012/7/22, bg <[email protected]>: > > This is a bit of a leading question, but is there a limitation as far as > > length/size of facts on a node? > > > > I have a need to perform one way sync of user accounts (non-Puppet > managed > > users) on many pairs of servers. Thus far, it's been done with scripts > > from primary -> backup server, and has been problematic. I'd like to > create > > > > a fact that returns user:password_hash pairs, and then ensure those > users > > are present on the backup server. > > I would guess the largest number of users on a node would be ~100. > > > > Any other creative solutions are appreciated, but keep in mind ldap/nis > > aren't valid options. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/puppet-users/-/WVxoEY4gic8J. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > Inviato dal mio dispositivo mobile > On Sunday, July 22, 2012 3:05:28 AM UTC-5, yersinia.spiros wrote: > > Are you sure that exposing a password hash by a fact is a sane thing > to do from a security point of view ? Too simple to mont a dictionary > attack, isn't ? > > 2012/7/22, bg <[email protected]>: > > This is a bit of a leading question, but is there a limitation as far as > > length/size of facts on a node? > > > > I have a need to perform one way sync of user accounts (non-Puppet > managed > > users) on many pairs of servers. Thus far, it's been done with scripts > > from primary -> backup server, and has been problematic. I'd like to > create > > > > a fact that returns user:password_hash pairs, and then ensure those > users > > are present on the backup server. > > I would guess the largest number of users on a node would be ~100. > > > > Any other creative solutions are appreciated, but keep in mind ldap/nis > > aren't valid options. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/puppet-users/-/WVxoEY4gic8J. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > Inviato dal mio dispositivo mobile > On Sunday, July 22, 2012 3:05:28 AM UTC-5, yersinia.spiros wrote: > > Are you sure that exposing a password hash by a fact is a sane thing > to do from a security point of view ? Too simple to mont a dictionary > attack, isn't ? > > 2012/7/22, bg <[email protected]>: > > This is a bit of a leading question, but is there a limitation as far as > > length/size of facts on a node? > > > > I have a need to perform one way sync of user accounts (non-Puppet > managed > > users) on many pairs of servers. Thus far, it's been done with scripts > > from primary -> backup server, and has been problematic. I'd like to > create > > > > a fact that returns user:password_hash pairs, and then ensure those > users > > are present on the backup server. > > I would guess the largest number of users on a node would be ~100. > > > > Any other creative solutions are appreciated, but keep in mind ldap/nis > > aren't valid options. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/puppet-users/-/WVxoEY4gic8J. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > Inviato dal mio dispositivo mobile > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jur49cinr64J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
