David, Cfengine, and in particular Cfengine3, will not provide a turnkey solution for what you describe, which is why Ed prefaced this with "if you look at this [as] a part of a larger opportunity".
But Cfengine3 has so much more potential than simple maintenance of system configs and software. It is better to think of Cfengine as an autonomic system: http://en.wikipedia.org/wiki/Autonomic_system_(computing) It would require some thought, and maybe some supplemental scripts for Cfengine to utilize, but it certainly should be possible to implement a framework for accomplishing what you seek. The question is, after you finish, will you at least break even compared to one year's expense for the commercial offerings you described. --Aaron On Thu, Jul 16, 2009 at 14:10, <[email protected]> wrote: > On Thu, 16 Jul 2009, Ed wrote: > >> On Mon, Jul 13, 2009 at 12:12 PM, <[email protected]> wrote: >>> I currently have a commercial tool that does root password management and >>> am looking for other options (the maintinance price of this tool is in the >>> 6-digits per year) >>> >>> the tool reaches out and changes the root passwords on the systems, and >>> then has an sudited request/approve/release process for giving out the >>> root password as needed (an then changing it afterwords) >>> >>> we use this for cases where our normal access methods (including sudo type >>> things) don't work, so I'm not interested (at this time) in discussions on >>> those types of tools, just tools that can change the root passwords >>> periodicly and then release them to the sysadmins as needed. >>> >>> I know that thre are at least three companies doing commercial tools that >>> do this >>> >>> Symark (Power Keeper) >>> Quest >>> and I'm forgetting the name of the third company (Symark's Power Keeper >>> started off as a re-branding of this other company and now the codebase >>> has forked) >>> >>> any suggestions (including open source options)? >>> >>> David Lang >> >> >> David, >> >> If you look at this a small part of a larger opportunity, you might >> give CFengine3 a look - the management of ID & certs is an important >> part of its operation. You can start off free, and go pro if you >> deploy. >> >> this isn't exactly a GUI app - fair warning,... err a promise (ever >> heard of Promise Theory?) http://www.cfengine.org/ > > I know a little about cfengine, but I've never heard of CFengine being > used to change root passwords on a machine, let alone any mechanism to > issue the root password to users as needed and audit it. > > if I am wrong and cfengine has this sort of capability, please point me at > it, but my understanding is taht cfengine is for building and maintaining > system configs and software. > > David Lang > _______________________________________________ > Discuss mailing list > [email protected] > http://lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
