Date: Mon, 13 Aug 2001 09:56:13 -0400 From: "diesel" <diesel@bsdvault.net> To: "'Greg Black'" <gjb@gbch.net> Cc: "'Jonathan M. Slivko'" <jslivko@blinx.net>, "'Erik Sabowski'" <airyk@sabowski.dhs.org>, <freebsd-stable@FreeBSD.ORG> Subject: RE: Any way to have multiple machines share a single passwd file? Message-ID: <001801c123ff$b9094670$0400000a@zen> In-Reply-To: <nospam-997666225.98319@maxim.gbch.net>
next in thread | previous in thread | raw e-mail | index | archive | help
The issuance of Pwd_mkdb is going to be covered in article II. Syncing of local password file is going to be done in article II as well as integrity checking. This article proves it possible and the means to do it. Many organizations use this method to manage their networks. Ill be sure to email you the second and third parts. Half full or half empty? -----Original Message----- From: owner-freebsd-stable@FreeBSD.ORG [mailto:owner-freebsd-stable@FreeBSD.ORG] On Behalf Of Greg Black Sent: Sunday, August 12, 2001 9:30 PM To: diesel Cc: 'Jonathan M. Slivko'; 'Erik Sabowski'; freebsd-stable@FreeBSD.ORG Subject: Re: Any way to have multiple machines share a single passwd file? "diesel" wrote: | You should check out the latest article on http://bsdvault.net . It | details how to set up a password push to all your hosts from a master | host. That article does not give very useful advice, since the scripts it shows explicitly manage only /etc/master.passwd -- and that file has no control at all over who can login. If the bad guys have compromised the real password file (/etc/spwd.db), then it won't help at all. For this to be useful, it should also make sure to regenerate /etc/spwd.db or take some other step to ensure it is in sync with the master.passwd file. The other problem that it ignores is legitimate password changes by users on the "protected" hosts -- these will be clobbered by the method shown. Back to the drawing board, I think. And this is off-topic for this list. Take it to questions if there's more to be said. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001801c123ff$b9094670$0400000a>