Re: Hacking in ssh support

I guess this is what I'm saying:

1. Handrolling a system to manage SSH keys is easy, and handrolling a system to manage SSL keys is hard. Therefore, tons of people use handrolled SSH key management solutions.

Handrolling is hard, that is why you have certmaster in Func, yes :)
Hand-rolling not required.

2. Right now, the value of func is:
( SIMPLICITY OF INITIAL CONFIGURATION ) plus ( a few func modules )

But over time, the value of func will be:
( simplicity of initial configuration ) plus ( A TON OF FUNC MODULES )

Which means that there may come a time -- and I don't know when, and maybe not for a while -- when people may want the value of the func modules, but using their own extant trust mechanisms -- which are most likely to be built around SSH.

Puppet and cfengine are certificate based also, and seem to be doing fine.

Func could perhaps do even better when we get Puppet to use external (read Func) certs :)


But I've heard "cool, does it do SSH" a whole bunch of times now. Just something to think about. And yes, I know, patches welcome. :)

I think this is an education issue.

Obviously in some cases, you are going to have that organizational policy in place that says "no" to things like puppet and func, but I think there are enough places that allow that sort of thing to where it's not a huge concern.

That being said, should someone find a clean way to make it /also/ travel that way, we can look at it ... though the stuff on the ideas list is too interesting to me to spend time on YetAnotherTransport as a main priority.

Minion to Minion, the Web app for system-config, and lots of good module/script ideas are on the pipe.

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
