On Wed, May 6, 2009 at 2:25 PM, Bruce Richardson <itsbr...@workshy.org> wrote:
>
> On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote:
>> >
>> > But it will still show up unencrypted in processlist.
>> >
>> Only on the puppetmaster server, and this would happen no matter how
>> you generate the password encryption.
>
> Not true.  There are several utilities that can read from stdin or a
> file to generate an encrypted password, like mkpasswd.
>
> --
> Bruce

I was thinking about scripted creation of passwords. If you used
mkpasswd in place of openssl in the script it would still show up in
the list. Openssl also takes stdin as an option. You could probably
put a lot of extra work in place and get a completely encrypted
automated path of creation. But if you need that level of protection on
a puppetmaster server then you would be best served by manual
creation anyway. That may be best practice, on further thought. Using
generate and an external file to hold the encrypted password saves
the headache of version controlling old passwords. That way if you
have to roll back for some reason you do not accidentally roll back the
password.

Evan
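
The stdin and file approaches discussed in this thread, sketched as an added example that is not part of the original messages. It assumes OpenSSL 1.1.1 or later (for `-6`, SHA-512 crypt, chosen here for illustration) and a `stat` that accepts `-c`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hash a password without ever placing it in a process's
# argument list, so it cannot appear in ps output or the processlist.
# Assumptions: OpenSSL 1.1.1+ (-6 = SHA-512 crypt), GNU or busybox stat.

# Read one password line from stdin and print its crypt hash.
# Optional $1 is a salt; omit it to let openssl choose a random one.
hash_from_stdin() {
    if [ -n "${1:-}" ]; then
        openssl passwd -6 -salt "$1" -stdin
    else
        openssl passwd -6 -stdin
    fi
}

# Hash the first line of a file, refusing files that group or others
# can access. Only the file path appears in argv, never the password.
hash_from_file() {
    file=$1
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        *00) ;;   # e.g. 600 or 400: owner-only
        *)  echo "refusing $file: mode $mode allows group/other access" >&2
            return 1 ;;
    esac
    head -n 1 "$file" | hash_from_stdin "${2:-}"
}

# Return 0 if the password on stdin matches a stored $6$salt$hash value.
# The salt is taken from the stored hash, and the candidate password is
# again passed on stdin only.
verify_stdin() {
    stored=$1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ "$(hash_from_stdin "$salt")" = "$stored" ]
}

# Usage (printf is a shell builtin, so the password is not in any argv):
#   printf '%s\n' "$pw" | hash_from_stdin
#   hash_from_file /path/to/owner-only-file
```
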
