Very interested! I am in the midst of rolling out a brand new collection of servers, all Linux. This couldn't be more timely.
Thanks, Dave Augustus On Feb 22, 2011, at 6:20 PM, "Steve Shipway" <[email protected]> wrote: > I've created a Puppet module which will check a specified user for password > age, and if it is older than a specified amount, then it will first generate > a random password, change the user's password to this, and will then update > (or create) the stored password as held in the Secret Server application (via > the SecretServer API) -- see http://www.thycotic.com/ . This means that we > don't need to allow SecretServer to log in remotely as root to do the job > itself, and we can receive notification (via Puppet reports) when this has > been done. > > > > So far this only works for Linux but it should be simple to make it work for > other OS. > > > > Usage is: > > password { 'user': age=>30, username=>'user' } > > > > with both parameters optional. We will use this to autorotate passwords on > non-user accounts (root, oracle) since account expiry causes crontabs to stop > working and we cannot lock the accounts or disable expiry due to > functionality and security requirements. > > > > Is anyone already using SecretServer interested in testing a copy? There > are a couple of caveats with it but things are looking good so far. > > > > Steve > > > > > > Steve Shipway > > [email protected] > > Routers2.cgi web frontend for MRTG/RRD; NagEventLog Nagios agent for Windows > Event Log monitoring; check_vmware plugin for VMWare monitoring in Nagios and > MRTG; and other Open Source projects. > > Web: http://www.steveshipway.org/software > > P Please consider the environment before printing this e-mail > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
