From owner-freebsd-security Wed Nov 7 19:37:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213]) by hub.freebsd.org (Postfix) with ESMTP id ADFD837B417 for ; Wed, 7 Nov 2001 19:37:37 -0800 (PST) Received: (from emechler@localhost) by radix.cryptio.net (8.11.6/8.11.6) id fA83bah72147; Wed, 7 Nov 2001 19:37:36 -0800 (PST) (envelope-from emechler) Date: Wed, 7 Nov 2001 19:37:36 -0800 From: Erick Mechler To: David Bear Cc: FreeBSD Security List Subject: Re: sharing /etc/passwd Message-ID: <20011107193736.V64838@techometer.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from David Bear on Wed, Nov 07, 2001 at 07:02:09PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that can't do PAM, perhaps NIS is the way to go (assuming, of course, you're behind a firewall). You can store login information in LDAP like you want, then use a home-grown script to extract the information to a NIS map. Or, if you have a Solaris 8 machine lying around, you can cut out the middle step and use Sun's NIS server which can backend directly into LDAP. Cheers - Erick At Wed, Nov 07, 2001 at 07:02:09PM -0700, David Bear said this: :: :: I need to sync /etc/passwd and /etc/group among multiple machines. I was :: thinking ldap would be a good method but am concerned about :: :: 1) the most secure way to do it :: 2) the most stable :: 3) things I don't know about this but should... :: :: any pointers to man pages/docs would be appreciated. :: :: :: To Unsubscribe: send mail to majordomo@FreeBSD.org :: with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message