[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Disaster Recovery.
|
From: |
Luke A. Kanies |
|
Subject: |
Re: Disaster Recovery. |
|
Date: |
Thu, 20 May 2004 14:03:43 -0500 (CDT) |
On Thu, 20 May 2004, Michael Little wrote:
John,
One question... How are you dealing with authentication keys?
I suppose you could just insure that keys have been pushed from both the
policy host and the backup policy host, or trust keys from the policy
host(s). I am just curious as to how you have addressed this.
I store all of my cfengine (and ssh) keys in LDAP and have a simple script
to pull the keys down and store them appropriately. This allows me to
very easily equip each host on my network with every other host's key (and
allows me to build a global ssh_known_hosts file).
That solves more than just the disaster recovery problem, because it
allows you to easily serve files from any host to any other host.
--
"The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot possibly
goes wrong goes wrong it usually turns out to be impossible to get at
or repair." -- Douglas Adams, Mostly Harmless
---------------------------------------------------------------------
Luke Kanies | http://abstractive.org | http://reductiveconsulting.com