I'm setting up my Bacula configuration in Puppet. One thing I want to do is ensure that each password field is different. My current thought is to hash the hostname with a secret value that would ensure each file daemon has a unique password and that password can be written to both the director configuration and the file server. I definitely don't want to use one universal password as that would permit anybody who might compromise one machine to get access to any machine through Bacula.

Is there another way to do this other than using a hash function to generate the passwords?

Clarification:

This is NOT about user accounts for services. This is about the authentication tokens (to use another term) in the client / server files. Example snippet:

Director {                            # define myself
  Name = <%= hostname $>-dir
  QueryFile = "/etc/bacula/scripts/query.sql"
  WorkingDirectory = "/var/lib/bacula"
  PidDirectory = "/var/run/bacula"
  Maximum Concurrent Jobs = 3
  Password = "<%= somePasswordFunction =>"         # Console password
  Messages = Daemon
}