[Mageia-sysadm] passwords in puppet

nicolas vigier boklm at mars-attacks.org
Mon Jan 24 09:28:08 CET 2011


Hello,

We are using this ruby module to save passwords used by puppet in a csv
file :
http://www.devco.net/code/extlookup.rb
and manifests/extlookup.pp in our puppet config.

And we are saving all passwords in this file on valstar :
/etc/puppet/extdata/common.csv

As I don't know exactly how puppet and puppet master are working, I am
wondering if access to any password from this file is possible from any
node (if someone can modify puppet config on this node). This could be
a problem if we start to manage with our puppet server some less trusted
servers. Or if someone getting root access on only one of the server
can access all the passwords.

Does anyone know ?



More information about the Mageia-sysadm mailing list