[Infrastructures] Re: Distributing private key information at install time

Brendan Strejcek brendan@cs.uchicago.edu
Fri, 27 Oct 2006 14:15:09 -0400


(Wesley sent me a message off-list, but said it was fine to repost to the list.)

On 10/6/06, Wesley Craig <wes@umich.edu> wrote:

> On 06 Oct 2006, at 10:40, Brendan Strejcek wrote:
>
> > Are you using any sort of centralized configuration management system?
> > How do you propagate configuration changes to live machines?
>
> The question is how do you deal with a machine whose hardware you are
> replacing.  It's all fine to store this data centrally, but how do
> you bootstrap security from a naked machine?

Hooks can be added to any automated installation procedure. The
security of this initial bootstrap will depend upon the particular
installation method. For example, a custom install CD could easily
include various security bits, such as server public keys. Another
example would be a PXE boot on an isolated network where a server
decides what credentials to issue to a new machine based on ethernet
address.

Best,
Brendan

--
http://praksys.blogspot.com
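
The PXE case described in the message above, sketched as an added example that is not part of the original post or any list member's code: an enrollment service on the isolated install network that hands out a credential once per inventoried Ethernet address. The class, function and host names are hypothetical and the inventory is constructed sample data; because a MAC address is only as trustworthy as the network it is seen on, the sketch assumes the isolated segment from the message.

```python
import hashlib
import hmac
import re
import secrets

# Constructed inventory: MAC address -> hostname the machine is expected to become.
INVENTORY = {
    "00:16:3e:aa:bb:01": "web1.example.org",
    "00:16:3e:aa:bb:02": "db1.example.org",
}
_MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize_mac(mac: str) -> str:
    """Lower-case and use ':' separators; raise ValueError on malformed input."""
    mac = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return mac


class EnrollmentServer:
    def __init__(self, inventory):
        self.inventory = {normalize_mac(m): h for m, h in inventory.items()}
        self.issued = {}  # mac -> SHA-256 of the secret; plaintext is never stored

    def issue(self, mac: str):
        """Return (hostname, secret) once per inventoried MAC, else None."""
        try:
            mac = normalize_mac(mac)
        except ValueError:
            return None
        hostname = self.inventory.get(mac)
        if hostname is None or mac in self.issued:
            return None  # unknown hardware, or credential already handed out
        secret = secrets.token_hex(32)
        self.issued[mac] = hashlib.sha256(secret.encode()).hexdigest()
        return hostname, secret

    def verify(self, mac: str, secret: str) -> bool:
        """Check a presented secret against the stored digest in constant time."""
        expected = self.issued.get(normalize_mac(mac), "")
        presented = hashlib.sha256(secret.encode()).hexdigest()
        return hmac.compare_digest(expected, presented)

    def reset(self, mac: str) -> None:
        """Operator action after a hardware swap or reinstall: allow one new issue."""
        self.issued.pop(normalize_mac(mac), None)
```

A second request for the same address returns nothing until an operator calls `reset`, so a repeat request on the install network shows up as a refusal to investigate rather than as a silently re-issued credential.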