From owner-freebsd-security  Sat Feb 28 23:23:59 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA06924
          for freebsd-security-outgoing; Sat, 28 Feb 1998 23:23:59 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA06917
          for <freebsd-security@FreeBSD.ORG>; Sat, 28 Feb 1998 23:23:54 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from trojanhorse.pr.watson.org (trojanhorse.pr.watson.org [192.0.2.10]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id CAA16221; Sun, 1 Mar 1998 02:23:44 -0500 (EST)
Date: Sun, 1 Mar 1998 02:21:12 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@trojanhorse.pr.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Christopher J Ceska <chris@u2.todiefor.com>
cc: Javier Henderson <javier@kjsl.com>, freebsd-security@FreeBSD.ORG,
        Brian Mitchell <brian@firehouse.net>
Subject: Re: Question
In-Reply-To: <Pine.BSI.3.95.980301020225.29664A-100000@shell.firehouse.net>
Message-ID: <Pine.BSF.3.96.980301021751.25924B-100000@trojanhorse.pr.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Sun, 1 Mar 1998, Brian Mitchell wrote:

> > Christopher J Ceska writes:
> > 
> >  > What would be a good method to have two servers run the same passwd file?
> > 
> > 	Run VMS?
> 
> well, kinda overkill when all the original posted needed is nis. To each
> his own, I suppose -- even delusional vms freaks.

So Chris, leaving aside this stuff, you really want to take a look at the
yp(4) manpage for one possible way to do what you desire.  This is the
Yellowpages/NIS service as thought of (I believe) by Sun -- it provides
distributed password, group files, as well as local modifications of them
specified in a wild-cardy kind of way.  Programs like passwd and chfn know
how to deal with it, so it doesn't have the implementation mess from the
point of view of users that a distributed file system solution can have.
On the other hand, there are some security issues involved (such as a lack
of cryptography support -- run this on trusted lans only).

  Robert N Watson 

Carnegie Mellon University http://www.cmu.edu/
SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org   http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message