> > I don’t think ciphertext + decryption key would fly either. I agree with > you that both this 0600 on the root should be sufficient, but often times > the audits in these regulated environments defy rationale arguments. >
Sadly, I thought that might be your answer. Does this only apply to the root password? If you can share, what framework are you being audited under? You've got me playing cat-and-mouse with the auditors in my head. :-) Have you solved this problem outside of Ansible anywhere as part of an automation routine? -- Peter Gehres Site Reliability Engineer | AppDynamics, Inc. www.appdynamics.com | AS62897 -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
