Not sure that's any better in security terms. It has some ease of use and central management benefits but also some significant complexity (setup and maintenance of a CA).
My setups just used puppet to manage a authorized key directory on each machine (basically one line of code), assuming you have a working puppet setup of course.
I'd consider either approach significantly more secure than passwords which is a much worse approach.
My setups just used puppet to manage a authorized key directory on each machine (basically one line of code), assuming you have a working puppet setup of course.
I'd consider either approach significantly more secure than passwords which is a much worse approach.