On Wed, 2010-02-03 at 21:58 -0600, Daniel Wittenberg wrote: > Could you just push a script to /etc/cron.daily so it'll run auto, and have > it replace the md5 crypted pass in /etc/shadow? Then you don't have to pass > anything in the clear ? >
Technically, you'd want to use an 'at' job rather than cron for this, but that's nothing that Spacewalk's remote command isn't giving you already. The issue is how to get the new password to the box while: a) transmitting it such that it cannot be seen on the command line on the remote box b) safely updating the entry in /etc/shadow with minimal risk of hosing the file c) not putting it in cleartext anywhere that it can be logged by either Spacewalk or the client machine Personally, I'd just use sed on /etc/shadow, but I've been using Linux for over a decade and UNIX for about 2 (decades). So I'm careful and cautious about what I recommend. I won't recommend sed-ding the shadow file to others unless they feel comfortable about doing it... -I _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list