On Wed, 2 Apr 2003, John wrote: > On Tue, 1 Apr 2003, Steve Traylen wrote: > > > On Tue, 1 Apr 2003, Skahan, Vince wrote: > > > > > > > > I load a rpm with the keys during my kickstart. > > > > Which is a really bad idea generally since now your > > private key is sitting on webserver, nfsserver. > > > > You're jumping to conclusions there. Most of *my* webservers are > accessible only privately. But the installed node must now have access to the keys at user level rather than at just root level as it should be? Unless you reboot the machine with different identity to its install identity perhaps. Maybe you trust all your users, and services as well of course. My point was the general one that its usually a bad idea though. Steve > > > > It its from a CD thats okay of course. > > I'd say that's less secure than my web servers. > > > -- Steve Traylen s.traylen@xxxxxxxx http://www.gridpp.ac.uk/
