zarb-ml/mageia-sysadm/2011-January/002415.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-sysadm] passwords in puppet
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20passwords%20in%20puppet&In-Reply-To=%3C20110124082808.GH21938%40mars-attacks.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="002489.html">
   <LINK REL="Next"  HREF="002416.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-sysadm] passwords in puppet</H1>
    <B>nicolas vigier</B> 
    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20passwords%20in%20puppet&In-Reply-To=%3C20110124082808.GH21938%40mars-attacks.org%3E"
       TITLE="[Mageia-sysadm] passwords in puppet">boklm at mars-attacks.org
       </A><BR>
    <I>Mon Jan 24 09:28:08 CET 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="002489.html">[Mageia-sysadm] Disk full on valstar
</A></li>
        <LI>Next message: <A HREF="002416.html">[Mageia-sysadm] passwords in puppet
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2415">[ date ]</a>
              <a href="thread.html#2415">[ thread ]</a>
              <a href="subject.html#2415">[ subject ]</a>
              <a href="author.html#2415">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>Hello,

We are using this ruby module to save passwords used by puppet in a csv
file :
<A HREF="http://www.devco.net/code/extlookup.rb">http://www.devco.net/code/extlookup.rb</A>
and manifests/extlookup.pp in our puppet config.

And we are saving all passwords in this file on valstar :
/etc/puppet/extdata/common.csv

As I don't know exactly how puppet and puppet master are working, I am
wondering if access to any password from this file is possible from any
node (if someone can modify puppet config on this node). This could be
a problem if we start to manage with our puppet server some less trusted
servers. Or if someone getting root access on only one of the server
can access all the passwords.

Does anyone know ?

</PRE>


<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="002489.html">[Mageia-sysadm] Disk full on valstar
</A></li>
	<LI>Next message: <A HREF="002416.html">[Mageia-sysadm] passwords in puppet
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2415">[ date ]</a>
              <a href="thread.html#2415">[ thread ]</a>
              <a href="subject.html#2415">[ subject ]</a>
              <a href="author.html#2415">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>