Just wondered if anyone had any suggestions about syncing up master.passwd files between multiple machines that didn't involve allowing root login remotely? The users need to be able to log in remotely and own files on the different machines.

~~
Andy Harrison
ah##@httpsite.com
ICQ: 123472 AIM/Y!: AHinMaine
[full headers for details]

On 27-May-2003, Amit K. Rao wrote message "Re: multihost master.passwd sync":
> NIS [yp(8)] ?

Lord no... even if you set up a backup NIS server, an ailing master server can really screw up your day.

I think I thought of a solution though. A root cronjob to PGP-encrypt the file, then change perms so that it can be accessed by a user that is allowed to copy the file to the target host. The file is encrypted using the public key of root on the target machine, so only root on the target will be able to PGP-extract the file.

~~
Andy Harrison
ah##@httpsite.com
ICQ: 123472 AIM/Y!: AHinMaine
[full headers for details]

Can't you just have two cron jobs, one on the master machine which dists the file out to the various machines in /var/tmp or something and another one on the slave machine which picks it up and replaces/integrates it? The permissions on the file should keep other people from modifying it. The only possible problem (depending on setup) could be if someone put a passwd file there first and the dist didn't properly handle that. However, if the cron on the slave machine checks the permissions first, that problem can be avoided.

David

On Tue, 27 May 2003, Andy Harrison wrote:
> Just wondered if anyone had any suggestions about syncing up master.passwd
> files between multiple machines that didn't involve allowing root login
> remotely? The users need to be able to log in remotely and own files on the
> different machines.
>
> ~~
> Andy Harrison
> ah##@httpsite.com
> ICQ: 123472 AIM/Y!: AHinMaine
> [full headers for details]

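The receiving-side check David describes above, sketched as an added shell example that is not part of the thread or any poster's code. The function names, the idea of a dedicated transfer account, and the extra format check (10 fields per line, a root entry with uid 0) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks the receiving machine's cron job runs before it
# trusts a password file dropped into a shared directory such as /var/tmp.
# The caller passes the uid of the (assumed) transfer account.

# drop_is_trusted FILE UID
# FILE must be a regular file (a symlink fails -type f), owned by UID,
# and not writable by group or others. A file planted first by another
# local user fails the ownership test.
drop_is_trusted() {
    [ -n "$(find "$1" -prune -type f -user "$2" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# format_is_sane FILE
# Every non-comment line must have the 10 colon-separated fields of
# master.passwd, and a root entry with uid 0 must be present.
format_is_sane() {
    awk -F: '
        /^#/                    { next }
        NF != 10                { bad = 1 }
        $1 == "root" && $3 == 0 { root = 1 }
        END                     { exit (bad || !root) }
    ' "$1"
}

# accept_drop FILE UID
# Runs both checks; the caller installs the file only when this succeeds.
accept_drop() {
    drop_is_trusted "$1" "$2" || { echo "reject: owner/type/mode" >&2; return 1; }
    format_is_sane "$1"       || { echo "reject: format" >&2; return 1; }
}
```

On FreeBSD, a file that passes would then be checked with `pwd_mkdb -C` before `pwd_mkdb -p` installs it.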
On Tue, 27 May 2003, Andy Harrison wrote:
> Just wondered if anyone had any suggestions about syncing up master.passwd
> files between multiple machines that didn't involve allowing root login
> remotely? The users need to be able to log in remotely and own files on the
> different machines.

/usr/ports/net/rsync.

-mrh

On Tue, May 27, 2003 at 01:46:37PM -0400, Andy Harrison wrote:
> Just wondered if anyone had any suggestions about syncing up master.passwd
> files between multiple machines that didn't involve allowing root login
> remotely? The users need to be able to log in remotely and own files on the
> different machines.

People have mentioned LDAP; I am truly surprised no one has mentioned Kerberos yet.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Nostalgia ain't what it used to be.