| ▲ | blipvert 2 hours ago | |
Well, yes, pick your poison. But for just getting access to role accounts then I find it a lot nicer than distributing public keys around. And for everything else, a periodic Ansible :-) | ||
| ▲ | gnufx 5 minutes ago | parent [-] | |
Public keys (for OpenSSH) can be in DNS (VerifyHostKeyDNS) or in, say, LDAP via KnownHostsCommand and AuthorizedKeysCommand. | ||