Re: [Hampshire] Is anybody here using puppet?

Author: Adrian Bridgett
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Is anybody here using puppet?
On Sat, Aug 8, 2009 at 07:08:23 +0000 (+0000), Andy Smith wrote:
> Can you elaborate more as to how you manage SSH keys? I've seen a
> couple of ways but never really liked them..


I've been using the ssh-ldap patches with great success for some time
now. Drop people's ssh keys into LDAP (ones from putty need slightly
altering to openssh format) and then turn off password logins (if you
want). I also use sudo-ldap.

With puppet the use of ldap isn't quite so important, however I
believe it still makes sense - I don't really want to run puppet on
all my machines just to remove access for one user.

> Another problem I have is one of the most trivial things to do with
> cfengine: purge old files in a directory tree. Puppet's "tidy" seems to want


Sucks doesn't it :-) TBH I normally move these out of puppet's domain
and into a small cronscript (installed via puppet of course).

Adrian
--
Email: adrian@??? -*- GPG key available on public key servers
Debian GNU/Linux - the maintainable distribution -*- www.debian.org