Gavin Henry wrote:
OK. My line of thinking was to create dynamic service and host groups and create simple group ACLs for that. These groups would go in the nss config on specific hosts using something like puppet to manage the 60-80 hosts.
I've not looked at nssov so couldn't comment, other than doing the start of man page for you Howard.
This is what I'm doing now, using cfengine thou and not puppet :)