From owner-freebsd-questions@FreeBSD.ORG Fri Mar 9 04:25:57 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0BE0416A401 for ; Fri, 9 Mar 2007 04:25:57 +0000 (UTC) (envelope-from admin2@enabled.com) Received: from typhoon.enabled.com (typhoon.enabled.com [216.218.220.21]) by mx1.freebsd.org (Postfix) with ESMTP id D348113C48D for ; Fri, 9 Mar 2007 04:25:56 +0000 (UTC) (envelope-from admin2@enabled.com) Received: from [172.23.10.40] (nat-service4.juniper.net [66.129.225.151]) (authenticated bits=0) by typhoon.enabled.com (8.14.0/8.14.0) with ESMTP id l294Ps1G094675 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 8 Mar 2007 20:25:54 -0800 (PST) (envelope-from admin2@enabled.com) Message-ID: <45F0E1CD.1060608@enabled.com> Date: Thu, 08 Mar 2007 20:25:49 -0800 From: Noah User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221) MIME-Version: 1.0 To: Daniel Marsh References: <45F0D9A7.8000201@enabled.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: User Questions Subject: Re: syncing user passwd information between servers X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2007 04:25:57 -0000 see more questions below? Daniel Marsh wrote: > On 3/9/07, Noah wrote: >> >> Hi, >> >> I am trying to figure out the Best admininstrative way to do the >> following: >> >> We have two FreeBSD 6.2 servers and want to keep the passwd files in >> sync so all the same users can log into each machine, their UID's match, >> and when the update the password on one machine the other machine gets >> the password. When we add the user to one machine then the other >> machine has an additional user too. >> >> What is the best scheme that we can devise to get this working >> technically well? >> >> Cheers, >> > > A couple of things can be done... > The first, and longest existing method would be to use NIS between the two > machines where one machine acts as a server, the other as a client to that > server, if the server goes down, no-one can login. (I havn't > investigated in > backup NIS servers as I don't like NIS) > yeah NIS does not feel like the right direction > The other option would be using LDAP (OpenLDAP), you'll install OpenLDAP on > both servers, one will act as a master, the other as a slave, each machine > will login against the ldap database running locally. > The master ldap will replicate to the slave to keep any user changes in > tact > and up to date. > You'll need to install the pam_ldap and nss_ldap ports and may want to use > LDAP Account Manager (runs via PHP on Apache) to manage the user accounts. so the users would not be locked out of the second server if the master LDAP server goes down, right? cheers, Noah > > Another option may be to use a versioning system, one machine has a > versioning repository, you import /etc/ into the versioning system (CVS or > Subversion), when you make a change on a server to passwd's etc... you > commit the change and check it out on the other machine, maybe even making > use of merging changes so if two people, one on each machine, change their > passwords and they both commit you don't lose one of the password changes. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"