From owner-freebsd-isp  Mon Oct  5 20:17:47 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA14881
          for freebsd-isp-outgoing; Mon, 5 Oct 1998 20:17:47 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from absinthe.shenton.org (Absinthe.Shenton.Org [209.31.147.194])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA14870
          for <freebsd-isp@freebsd.org>; Mon, 5 Oct 1998 20:17:38 -0700 (PDT)
          (envelope-from chris@shenton.org)
Received: (from chris@localhost)
	by absinthe.shenton.org (8.9.1/8.9.1) id XAA07705;
	Mon, 5 Oct 1998 23:15:54 -0400 (EDT)
To: freebsd-isp@FreeBSD.ORG
Subject: How to share accounts between mail/pop and web servers?
X-Emacs: Emacs 20.3, MULE 4.0 (HANANOEN)
MIME-Version: 1.0 (generated by SEMI 1.8.5 - "Nishi-Takaoka")
Content-Type: text/plain; charset=US-ASCII
From: Chris Shenton <chris@shenton.org>
Date: 05 Oct 1998 23:15:54 -0400
Message-ID: <87hfxiv0r9.fsf@absinthe.shenton.org>
Lines: 23
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm supporting an ISP who's outgrown the single box we have running
WWW, FTP, SMTP, POP, and IMAP.  It also does RADIUS authentication for
the dialup server. Accounts are created on this single box so the user
gets RADIUS authenticated against /etc/passwd, just as the FTP, POP,
IMAP stuff does. The normal "adduser" script is run to create
accounts. 

I plan to split into two boxes: one for WWW and FTP, the other for
SMTP, POP, and IMAP.  Not sure where I'm gonna run RADIUS yet, maybe
on both for redundancy.

How would you securely and robustly mirror the /etc/passwd type of
information? 

I'm not keen on NIS, due to security concerns.  In other situations,
I've used "rsync" over "ssh" with host key authentication and it's
worked well. I've never used it for /etc/passwd and I'm concerned
about stuff like failed updates or partial updates leaving the send-to
box with a corrupt /etc/passwd, preventing everyone (including root)
access. 

What have you used that works well for you? 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message