From owner-freebsd-isp Sat Apr 19 23:04:14 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA06695 for isp-outgoing; Sat, 19 Apr 1997 23:04:14 -0700 (PDT)
Received: from phobos.illtel.denver.co.us (abelits@phobos.illtel.denver.co.us [207.33.75.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA06690; Sat, 19 Apr 1997 23:04:11 -0700 (PDT)
Received: from localhost (abelits@localhost) by phobos.illtel.denver.co.us (8.8.5/8.6.9) with SMTP id XAA02308; Sat, 19 Apr 1997 23:05:19 -0700
Date: Sat, 19 Apr 1997 23:05:18 -0700 (PDT)
From: Alex Belits
To: Vinay Bannai
cc: freebsd-hackers@freebsd.org, freebsd-isp@freebsd.org
Subject: Re: Need a common passwd file among machines
In-Reply-To: <199704200512.WAA16052@agni.nuko.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 19 Apr 1997, Vinay Bannai wrote:

> Hi folks,
>
> I need a common passwd file that is shared by a FreeBSD machine, Linux
> machine, Solaris and a SunOS machine. I do not want to use NIS.
> I thought of using rdist to distribute the passwd file among all these
> machines but could not because some of them use shadow passwd files and
> others don't.

It will be better to use ftp or even scp and make scripts generate files in the formats all systems use from the "master" password file that is kept on the sysadmin's box, then automatically ftp/scp it to the other ones. Shadow/nonshadow synchronization can be done in simple cron jobs.

> Also, I am not sure the passwd encryption is the same on all
> these platforms.

DES-based encryption is supported on all of those systems (FreeBSD by default doesn't use it though). You can also modify Linux, SunOS and Solaris libraries to use the same encryption as FreeBSD.

--
Alex

P.S. Is there any existing thing or at least an idea of making one that does this thing nicer?
NIS is based on a rather dumb idea that to authenticate a local user one will want to go to some server and ask him, instead of the IMHO more sane approach of distributing authentication information from that server to always perform authentication locally and never depend on some host being accessible at the time of the user's login.
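
The generation step described in the message, as an added example that is not part of the original e-mail: it renders one master file into a non-shadow passwd file or a passwd/shadow pair, and holds back any account whose hash is not traditional DES crypt. The 10-field master layout, the 9-field shadow layout, the function names and the sample accounts are assumptions made for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in the 10-field master.passwd layout; hashes are fake.
SAMPLE_MASTER = """\
alice:abCDEFGHIJKLM:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
bob:$1$constructed$notarealhashvalue000:1002:1002::0:0:Bob Example:/home/bob:/bin/sh
carol:*:1003:1003::0:0:Carol Example:/home/carol:/bin/sh
"""

def parse_master(text):
    """Parse name:hash:uid:gid:class:change:expire:gecos:home:shell lines."""
    users = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 10:
            raise ValueError(f"line {n}: expected 10 fields, got {len(f)}")
        users.append({"name": f[0], "hash": f[1], "uid": f[2], "gid": f[3],
                      "gecos": f[7], "home": f[8], "shell": f[9]})
    return users

def portable(pw):
    """DES hashes verify on every target; '*...' is a locked account.
    Anything else (other hash schemes, empty password) is held back."""
    return pw.startswith("*") or bool(DES_HASH.match(pw))

def render(users, shadow):
    """Return (passwd_text, shadow_text_or_None, skipped_names)."""
    passwd, shadow_lines, skipped = [], [], []
    for u in users:
        if not portable(u["hash"]):
            skipped.append(u["name"])
            continue
        pw_field = "x" if shadow else u["hash"]
        passwd.append(":".join([u["name"], pw_field, u["uid"], u["gid"],
                                u["gecos"], u["home"], u["shell"]]))
        if shadow:
            # 9-field shadow entry with the ageing fields left empty.
            shadow_lines.append(f'{u["name"]}:{u["hash"]}:::::::')
    shadow_text = "\n".join(shadow_lines) + "\n" if shadow else None
    return "\n".join(passwd) + "\n", shadow_text, skipped

if __name__ == "__main__":
    pw, sh, skipped = render(parse_master(SAMPLE_MASTER), shadow=True)
    print(pw, sh, "skipped:", skipped, sep="\n")
```

When the shadow output is written to disk it should be readable by root only, since it carries the hashes that the accompanying passwd file leaves out.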