Administrative/root password management
I recently inherited the administrative (root) password management task from a user who is no longer on my team. From what he told me, he changes root passwords manually for ~200 Linux servers, and because of that, he barely gets 1 password change done per system per year. I find his process quite tedious and inefficient. I am curious as to how others, especially sysadmins who manage over hundreds of servers, manage their root passwords? Ideally I would like to get quarterly password changes. All our servers have LDAP enabled for non-root login.
Currently I am thinking of writing a script that generates different salted MD5 hashes in /etc/shadow format and pushes them to the systems through our management server (it has pub key auth to all managed servers).
Thank you for your input.
Last edited by twk; 02-05-2009 at 11:16 AM.
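A sketch of the generation step the post describes, as an added example that is not part of the original post: one random password and salt per host, hashed with md5-crypt (`$1$`) as the post plans and emitted as `root:<hash>` lines in the form `chpasswd -e` accepts. The host names, `rotation_batch` and the 24-character length are assumptions; where the distribution supports it, SHA-512 crypt (`$6$`) is the stronger format for the same workflow.

```python
import hashlib
import secrets
import string

ITOA64 = "./0123456789" + string.ascii_uppercase + string.ascii_lowercase
PW_ALPHABET = string.ascii_letters + string.digits

def md5_crypt(password: str, salt: str) -> str:
    """Return a $1$ (md5-crypt) hash in the form /etc/shadow stores."""
    pw, sl = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sl)
    for i in range(len(pw), 0, -16):       # mix in alt, 16 bytes at a time
        ctx.update(alt[:min(16, i)])
    i = len(pw)
    while i:                               # one byte per bit of the length
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):                  # fixed 1000 stretching rounds
        c = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            c.update(sl)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()
    out = []                               # md5-crypt's own base64 byte order
    for a, b, c3, n in ((0, 6, 12, 4), (1, 7, 13, 4), (2, 8, 14, 4),
                        (3, 9, 15, 4), (4, 10, 5, 4), (None, None, 11, 2)):
        v = final[c3] if a is None else final[a] << 16 | final[b] << 8 | final[c3]
        for _ in range(n):
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    return f"$1${sl.decode()}${''.join(out)}"

def rotation_batch(hosts, pw_len=24):
    """Unique password and salt per host: {host: (password, chpasswd_line)}."""
    batch = {}
    for host in hosts:
        password = "".join(secrets.choice(PW_ALPHABET) for _ in range(pw_len))
        salt = "".join(secrets.choice(ITOA64) for _ in range(8))
        batch[host] = (password, f"root:{md5_crypt(password, salt)}")
    return batch

if __name__ == "__main__":
    # Constructed host names; plaintext belongs in a password vault, not stdout.
    for host, (_, line) in rotation_batch(["web01.example", "db01.example"]).items():
        print(host, line)                  # input for `chpasswd -e` on that host
```

Because every host gets its own password and salt, a hash recovered from one server's /etc/shadow does not match any other server's entry.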