Date: Thu, 21 Sep 2000 17:00:06 -0600 From: Lyndon Nerenberg <lyndon@orthanc.ab.ca> To: Damien Tougas <damien@carroll.com> Cc: freebsd-stable@freebsd.org Subject: Re: Request for change to /etc/rc script Message-ID: <200009212300.e8LN06113643@orthanc.ab.ca> In-Reply-To: Your message of "Thu, 21 Sep 2000 18:10:57 EDT." <20000921181057.A61901@carroll.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Damien" == Damien Tougas <damien@carroll.com> writes:
Damien> I would disagree with you there. We do not want to have
Damien> root password files on hundreds of thin client
Damien> workstations, if we have to change the root password for
Damien> those workstations, we want to change it once.
The way I dealt with this when setting up our labs was to maintain
a local root fs and NFS mount the rest, with NIS for passwd and group.
At boot time, after the network link was establsihed but before full
multiuser, we ran a locally written program that connected to a central
server and updated various things, including /etc/{passwd,group}. This
meant we could boot single user from the workstation without a network
(useful for dealing with network debugging issues) and without a
boot floppy (which let us disable floppy boot altogether). As a
bonus, we didn't have the root password flying around the network
via NIS for the kiddies to see (not that they would have been able
to crack it with dictionary attacks or the like).
Changing the root password (or anything on the root filesystem) was
a simple matter of changing the file in the central reference image.
--lyndon
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009212300.e8LN06113643>