From owner-freebsd-isp  Wed Jul 26 21:17:33 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from nargul.systems.cais.net (nargul.systems.cais.net [205.177.9.229])
	by hub.freebsd.org (Postfix) with ESMTP id 2B95C37C00D
	for <freebsd-isp@FreeBSD.org>; Wed, 26 Jul 2000 21:17:27 -0700 (PDT)
	(envelope-from mbarnett@cais.net)
Received: from localhost (mbarnett@localhost)
	by nargul.systems.cais.net (8.9.3/8.9.3) with ESMTP id AAA44079
	for <freebsd-isp@FreeBSD.org>; Thu, 27 Jul 2000 00:23:38 -0400 (EDT)
	(envelope-from mbarnett@cais.net)
X-Authentication-Warning: nargul.systems.cais.net: mbarnett owned process doing -bs
Date: Thu, 27 Jul 2000 00:23:38 -0400 (EDT)
From: Michael Barnett <mbarnett@cais.net>
X-Sender: mbarnett@nargul.systems.cais.net
To: freebsd-isp@FreeBSD.org
Subject: Password Distribution / Email
Message-ID: <Pine.BSF.4.10.10007270022380.44073-100000@nargul.systems.cais.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Everyone,

We are redesigning our email scheme, and I am looking for an alternative
to pushing passwords around on dozens of machines.  Right now, we have 10
mail machines for mail exchanging/pop access for our domain. (5 for mx  ..
5 for pop ..  both setup on a VIP behind a Foundry load balancing switch).

The 11th machine exports an nfs file system that all 10 machines mount
(deliver and cucipop have been hacked to look in the nfs mounted file
system as opposed to /var/mail)

It also generates and pushes across the aliases, and creates the
master.passwd file and has each of the 10 individual machines rebuild
their local password file using the command

/usr/sbin/pwd_mkdb -p -s 15 /etc/master.passwd

There are currently 24054 entries in the master.passwd file, so this
process is going to be unmanageable very soon.

We have a few ideas for getting pop to authenticate off of the database,
but even if we do this, we will still have to maintain the password files
for local delivery.  Has anyone been successful in running a mail server
that does not contain the authoritative list of users, but gets this
information from some central location?  (preferably from an sql
database).


Thanks for any insights.

-Michael Barnett
CAIS Internet





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message