> We have ssh as a fail safe system.. Again, all ssh root keys are > managed via a package (ima-ssh-rootkeys) and are auto updated on > every machine on the network nightly. Apt roxxors my soxxors. ssh and packages are O.K., but sometimes you don't want to have to install packages just to manage configuration files. Maybe you want to change a single line in a config file on only the machines that are part of the fileserver class. cfengine can do that for you. What if the workstation is off the network and unable to communicate with the master server, where it retrieves its data? When the connectivity is re-established, cfengine can query the server for changes and apply them on its own time. Most ssh setups are generally server-to-client pushes. This doesn't always work, and you'll end up having to push out changes once again. Still, these are just logistical hurdles. You can get a nice little setup with ssh and packages, as Nate has shown. Visit to the cfengine site for the true advocacy information. -- Chad Walstrom <chewie at wookimus.net> http://www.wookimus.net/ assert(expired(knowledge)); /* core dump */