Another week, some more packages (facter, openssh, sudo), Linux LDAP integration

One of our puppet rules ensures that NTP (which keeps the server's clock correct) is not installed on any virtualised guest image where the time is supposed to be taken from the host automatically. Unfortunately "facter", which should provide this information, still hasn't applied patches submitted over 6 months ago. So we've rolled our own package instead for use on Debian Lenny.
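The rule described above, as an added example rather than the manifest from this post: it assumes facter exposes the `is_virtual` fact as the string "true"/"false" (as Facter 1.5.x does) and that the Debian package and service are both called `ntp`.

```puppet
# Added example, not the blog's own manifest.
# Keep NTP off virtual guests that take their clock from the host,
# and installed and running on real hardware.
# Assumes: facter's "is_virtual" fact is the string "true"/"false"
# (Facter 1.5.x behaviour) and a Debian "ntp" package/service.
class ntp::managed {
  if $::is_virtual == 'true' {
    # The hypervisor already keeps the guest clock; a second clock
    # source inside the guest only fights with it.
    package { 'ntp':
      ensure => absent,
    }
  } else {
    package { 'ntp':
      ensure => installed,
    }
    file { '/etc/ntp.conf':
      ensure  => file,
      source  => 'puppet:///modules/ntp/ntp.conf',
      require => Package['ntp'],
      notify  => Service['ntp'],
    }
    service { 'ntp':
      ensure  => running,
      enable  => true,
      require => Package['ntp'],
    }
  }
}
```

Before rolling this out, check what the fact actually reports on a known guest and a known physical box with `facter is_virtual`; a facter that returns the wrong value will silently remove NTP from real hardware.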

We've also uploaded two packages we used extensively with LDAP. One is a bugfix for Debian Lenny's "sudo-ldap" package (see #430826). The other is a copy of openssh with both LPK for LDAP integration and HPN for high-performance networking.

The LDAP integration is worth noting. LDAP is a special database where you can store authentication data (basically passwords) and authorisation data (is this person allowed to do this or that). If you have more than a few servers or services it's generally sensible to use LDAP, as it makes dealing with adding/removing people, permissions and services much easier and faster.

Out of the box with most Linux distributions you can enable local logins and remote SSH logins to use LDAP, as well as most web services. The sudo-ldap package extends this to include sudo support; however, the version in Debian Lenny has a half-applied patch, which this package fixes.

The SSH LPK patch is less well known. It allows you both to store SSH public keys in LDAP and to control access via machine groups (which, to be fair, you could do using normal groups and LDAP, but this may work better for some people). We typically turn off SSH password authentication as it's arguably less secure than public/private keys (if you use the same password for a web site login, for instance). To clarify: without LPK you can use passwords and/or put public keys on all your servers; with the patch you can use passwords and/or put public keys in a central LDAP database.

Package information is here as usual. Enjoy :-)

Update: Facter 1.5.7-0.2 released (is-virtual is now set correctly)