[Mageia-sysadm] passwords in puppet
nicolas vigier
boklm at mars-attacks.org
Mon Jan 24 09:28:08 CET 2011
Hello,
We are using this ruby module to save passwords used by puppet in a csv
file :
http://www.devco.net/code/extlookup.rb
and manifests/extlookup.pp in our puppet config.
And we are saving all passwords in this file on valstar :
/etc/puppet/extdata/common.csv
As I don't know exactly how puppet and puppet master are working, I am
wondering if access to any password from this file is possible from any
node (if someone can modify puppet config on this node). This could be
a problem if we start to manage with our puppet server some less trusted
servers. Or if someone getting root access on only one of the server
can access all the passwords.
Does anyone know ?
More information about the Mageia-sysadm
mailing list