[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSSD, Kerberized NFSv4 and Bacula
|
From: |
Hartmut Goebel |
|
Subject: |
Re: SSSD, Kerberized NFSv4 and Bacula |
|
Date: |
Tue, 29 Aug 2023 17:57:21 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 |
Hi,
Am 24.08.23 um 21:55 schrieb Martin
Baulig:
- My "guix secrets" tool provides a command-line interface to
maintain a "secrets database" (/etc/guix/secrets.db) that's
only accessible to root. It can contain simple passwords,
arbitrary text (like for instance X509 certificates in PEM
format) and binary data.
- …
- Finally, "secrets-service-type" depends on all of the above
to do its work.
It takes a template file - which is typically interned
in the store - containing special "tokens" that tell it which
keys to look up from the secrets database.
This sounds great and like being a major step towards "guixops"
[1], [2].
[1]
https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00435.html[2]
https://lists.gnu.org/archive/html/guix-devel/2017-09/msg00196.html
--
Regards
Hartmut Goebel
| Hartmut Goebel | h.goebel@crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |