On Sat, Aug 8, 2009 at 07:08:23 +0000 (+0000), Andy Smith wrote: > Can you elaborate more as to how you manage SSH keys? I've seen a > couple of ways but never really liked them..
I've been using the ssh-ldap patches with great success for some time now. Drop people's ssh keys into LDAP (ones from putty need slightly altering to openssh format) and then turn off password logins (if you want). I also use sudo-ldap. With puppet the use of ldap isn't quite so important, however I believe it still makes sense - I don't really want to run puppet on all my machines just to remove access for one user. > Another problem I have is one of the most trivial things to do with > cfengine: purge old files in a directory tree. Puppet's "tidy" seems to want Sucks doesn't it :-) TBH I normally move these out of puppet's domain and into a small cronscript (installed via puppet of course). Adrian -- Email: adr...@smop.co.uk -*- GPG key available on public key servers Debian GNU/Linux - the maintainable distribution -*- www.debian.org -- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------