On Mon, Sep 8, 2008 at 10:52 AM, Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote: > On Mon, 2008-09-08 at 11:49 -0500, Mike McGrath wrote: >> On Mon, 8 Sep 2008, Seth Vidal wrote: >> >> > On Mon, 2008-09-08 at 09:19 -0600, Stephen John Smoogen wrote: >> > > On Mon, Sep 8, 2008 at 9:16 AM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> > > > So I'm going to hold a couple more training seminars for Puppet in >> > > > Fedora's Infrastructure. I was hoping you guys could also throw some >> > > > questions together so i make sure I don't miss anything. >> > > > >> > > >> > > Are the old seminars up somewhere? My whole look at puppet is from >> > > 30k. I know more about cfengine .. which has made me look at some of >> > > the 'limitations' of puppet as 'huh?' versus purposeful design >> > > decisions. Heck I don't even know how to make a root password across a >> > > cluster :). >> > >> > >> > don't feel bad, no one else does, either. >> > >> > Not without leaving the crypted password all over the logs. >> > >> > Well, to be fair, there's a way to do it, it's just hurky and feels >> > silly. >> > >> >> I was kind of irked about that too. I'm going to file a ticket to make >> sure this gets handled. Really I guess it'd be nice to have a >> >> logDiff => false >> >> option where it'd at least let you know something happened but not what if >> it was explicitly listed. There's other uses for this besides just root >> passwords. >> > > The way I worked out to do it is a bit silly but you put the crypted > password in a file somewhere in /etc or /root > > and you just have that file in config_files or private (or as a > template) and then a cron job goes through and takes that value and sets > it in /etc/shadow using lpasswd or chpasswd > > not pretty but it will keep the crypted pw from showing up in a log > -sv > Ugh. Is there a way to integrate this with augeus or something? Having to assume you can protect a second file for root or having secure file diff's logged sounds like a long term nightmare. However thats outside of probably the class :). -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
