Date: Wed, 7 Nov 2001 21:19:26 -0800
From: Will Yardley <william@hq.newdream.net>
To: security@FreeBSD.ORG
Subject: Re: NIS, rsync, and LDAP Re: sharing /etc/passwd
Message-ID: <20011107211926.A28670@hq.newdream.net>
In-Reply-To: <001b01c16814$48a1ea50$22b197ce@ezo.net>
References: <Pine.LNX.4.33.0111072043550.24824-100000@moroni.pp.asu.edu> <001b01c16814$48a1ea50$22b197ce@ezo.net>

Jim Flowers wrote:
> > It would be nice to be able to share /etc/passwd between Linux and
> > Freebsd -- so some layer of abstraction like an ldap_pam would be
> > great. I didn't know ldap pam existed. I'll look into it.
> An advantage of Kerberos, perhaps?

we use the same database for multiple platforms by storing everything in
a mysql database and then using a perl script to create the password
files and push them onto the machines (and create the passwd db files
for freebsd of course).

perhaps not as elegant or complicated as ldap or kerberos, but it is
pretty effective, and pretty secure since scp is used to copy the files
from the controller machines.

most of our machines are linux, but i've been working on getting
everything working with freebsd, and that part seems to work ok so far
(just a few changes in the passwd file format).

the system will also update passwords in the db if a user has changed
it. it doesn't currently add users that are added manually, although
such a change would probably be trivial. the 'standard' users are stored
as parameters and are appended to the top of every password / shadow /
master.passwd file

w

--
GPG Public Key: http://infinitejazz.net/will/pgp/
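
The file-generation step described in the message above, as an added example that is not part of the original post and is not the poster's Perl script: it renders Linux passwd/shadow and FreeBSD master.passwd lines from the same records and refuses records that could inject extra entries. The record layout, the sample data and the uid 0 policy are assumptions.

```python
# Added example (not the poster's Perl script): build Linux passwd/shadow and
# FreeBSD master.passwd lines from one set of account records.
# Record layout, sample data and the uid-0 policy are assumptions.

# Constructed sample data standing in for the "standard" users and database rows.
STANDARD_USERS = [{"name": "root", "hash": "*", "uid": 0, "gid": 0,
                   "gecos": "Charlie &", "home": "/root", "shell": "/bin/sh"}]
DB_USERS = [{"name": "alice", "hash": "$1$constructed$hash", "uid": 1001,
             "gid": 1001, "gecos": "Alice Example", "home": "/home/alice",
             "shell": "/bin/sh"}]

FORBIDDEN = (":", "\n", "\r", "\0")  # field or line separators in these files


def validate(user, trusted):
    """Return (uid, gid) as strings, or raise ValueError for unsafe records."""
    for key in ("name", "hash", "gecos", "home", "shell"):
        if any(ch in user[key] for ch in FORBIDDEN):
            raise ValueError(f"{user['name']!r}: separator character in {key}")
    if not user["name"] or not user["hash"]:
        # An empty hash field would create a passwordless account.
        raise ValueError("empty login name or password hash")
    uid, gid = int(user["uid"]), int(user["gid"])
    if uid < 0 or gid < 0 or (uid == 0 and not trusted):
        # Assumed policy: only the fixed standard users may hold uid 0.
        raise ValueError(f"{user['name']!r}: uid/gid not allowed")
    return str(uid), str(gid)


def render(standard, db_users):
    """Standard users first, then database users; one line list per file."""
    out = {"passwd": [], "shadow": [], "master.passwd": []}
    seen = set()
    for user, trusted in [(u, True) for u in standard] + [(u, False) for u in db_users]:
        uid, gid = validate(user, trusted)
        if user["name"] in seen:
            raise ValueError(f"{user['name']!r}: duplicate login name")
        seen.add(user["name"])
        tail = [user["gecos"], user["home"], user["shell"]]
        # Linux passwd: name:x:uid:gid:gecos:home:shell (hash lives in shadow)
        out["passwd"].append(":".join([user["name"], "x", uid, gid] + tail))
        # Linux shadow: name:hash plus seven aging fields, left empty here
        out["shadow"].append(":".join([user["name"], user["hash"]] + [""] * 7))
        # FreeBSD master.passwd: name:hash:uid:gid:class:change:expire:gecos:home:shell
        out["master.passwd"].append(":".join(
            [user["name"], user["hash"], uid, gid, "", "0", "0"] + tail))
    return out
```

On FreeBSD the generated master.passwd is then compiled with pwd_mkdb(8), which corresponds to the "passwd db files" step mentioned in the message.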