Understandable, but as for that, the bulk certificates could be passed on as a bootloader parameter to keep it simple and more dynamic. You can protect your self against arp spoofing if you have proper security (eg arp spoof protection and/or private vlan in your switches).
I would not agree on that, with proper security in the environment you actually raise it allot by not sending the hashed root password over the network in clear text.
I would like to keep that still with in a encrypted session, are you that comfortable to post your password that is sha-512 hashed on a public forum?
Understandable, but as for that, the bulk certificates could be passed on as a bootloader parameter to keep it simple and more dynamic. You can protect your self against arp spoofing if you have proper security (eg arp spoof protection and/or private vlan in your switches).
I would not agree on that, with proper security in the environment you actually raise it allot by not sending the hashed root password over the network in clear text.
I would like to keep that still with in a encrypted session, are you that comfortable to post your password that is sha-512 hashed on a public forum?