[CentOS-virt] virtual sprawl - managing password changes

Fri May 16 21:16:55 UTC 2008
Luke S Crawford <lsc at prgmr.com>

"Jeff Larsen" <jlar310 at gmail.com> writes:
> I'm wondering how the rest of the community is managing updates of
> root (and other local account) passwords in a virtual sprawl
> environment (or a physical environment with lots of hosts).

> I have read about things like expect, puttycs, centralize with kerberos, etc.

The way I've seen it done at every large installation I've worked at is
some sort of auto-pushed password file for authorization, but with no valid
passwords in the password file (except for root, as explained below). The
authentication is handled either with ssh public keys (authorized_keys files
distributed via rsync or NFS) or with Kerberos. I like Kerberos, personally,
but the ssh authorized_keys setup is harder to screw up, and it works
fine as well.

As for the root password, the best practice is to make it so that the root
password is *only* useful once you have console. (Of course we have all
disabled remote root login with password long ago: disable su and prune
/etc/securetty, force your SysAdmins to use ksu or sudo instead of su if
they log in remotely, and log.) If you do this correctly, the root
password becomes much less sensitive, and you can keep it in the password
files you rsync around.

I worked at one place that used the rsync of the password file and
~user/.ssh/authorized_keys setup that had tens of thousands of servers.
The copy became a bit more complicated than just an rsync, but the system
did scale.
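An added example, not from the original post or its author: a small POSIX sh audit that checks copies of a host's shadow file, sshd_config and securetty against the setup described above (no usable password except root, no remote root password login, securetty pruned to the console). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit copies of /etc/shadow,
# sshd_config and /etc/securetty against the setup described in the thread.
# File paths are parameters; the sample inputs at the bottom are constructed.

# 0 if every account except root has a locked or invalid hash ('*', '!', '!!', empty).
shadow_only_root_has_password() {
  awk -F: '$1 != "root" && $2 != "" && $2 !~ /^[!*]/ { bad++ }
           END { exit (bad > 0) }' "$1"
}

# 0 if the first PermitRootLogin in sshd_config $1 forbids password login for root.
# A missing directive counts as a failure (older sshd releases defaulted to "yes").
sshd_root_password_login_disabled() {
  awk 'tolower($1) == "permitrootlogin" && v == "" { v = tolower($2) }
       END { exit !(v == "no" || v == "without-password" || v == "prohibit-password") }' "$1"
}

# 0 if every non-comment line of securetty $1 names a local console (console, ttyN).
securetty_console_only() {
  if grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Ev '^(console|tty[0-9]+)$' >/dev/null; then
    return 1
  fi
  return 0
}

# Run all three checks and return the number of failures (0 = compliant).
audit_host() {
  fails=0
  shadow_only_root_has_password "$1" || { echo "FAIL $1: non-root account has a usable password"; fails=$((fails + 1)); }
  sshd_root_password_login_disabled "$2" || { echo "FAIL $2: remote root password login allowed"; fails=$((fails + 1)); }
  securetty_console_only "$3" || { echo "FAIL $3: non-console device listed in securetty"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample files: one compliant host and one non-compliant host.
tmp=$(mktemp -d)
printf 'root:$6$constructed$hash:17000:0:99999:7:::\nalice:!!:17000:0:99999:7:::\nbob:*:17000:0:99999:7:::\n' > "$tmp/shadow.good"
printf 'root:$6$constructed$hash:17000:0:99999:7:::\nalice:$6$constructed$other:17000:0:99999:7:::\n' > "$tmp/shadow.bad"
printf '# sshd_config\nPermitRootLogin without-password\nPasswordAuthentication yes\n' > "$tmp/sshd.good"
printf 'PermitRootLogin yes\n' > "$tmp/sshd.bad"
printf 'console\ntty1\ntty2\n' > "$tmp/securetty.good"
printf 'console\ntty1\npts/0\n' > "$tmp/securetty.bad"

audit_host "$tmp/shadow.good" "$tmp/sshd.good" "$tmp/securetty.good" && echo "compliant host: OK"
audit_host "$tmp/shadow.bad" "$tmp/sshd.bad" "$tmp/securetty.bad" || echo "non-compliant host: $? failure(s)"
```

Run it against rsync'd copies of the three files from each host to confirm the root password is only usable on the console before treating it as low-sensitivity.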