From: Erick Mechler
To: dwbear75@gmail.com
Cc: FreeBSD Security List
Subject: Re: sharing /etc/passwd
Date: Fri, 24 Sep 2004 15:50:05 -0000
X-Original-Date: Wed, 07 Nov 2001 19:37:36 -0800
Message-id: <20011107193736.V64838@techometer.net>
List-Id: Security issues [members-only posting]

How 'bout PAM? /usr/ports/security/pam_ldap.

If you have machines that can't do PAM, perhaps NIS is the way to go
(assuming, of course, you're behind a firewall). You can store login
information in LDAP like you want, then use a home-grown script to extract
the information to a NIS map. Or, if you have a Solaris 8 machine lying
around, you can cut out the middle step and use Sun's NIS server which can
backend directly into LDAP.

Cheers - Erick

At Wed, Nov 07, 2001 at 07:02:09PM -0700, David Bear said this:
::
:: I need to sync /etc/passwd and /etc/group among multiple machines. I was
:: thinking ldap would be a good method but am concerned about
::
:: 1) the most secure way to do it
:: 2) the most stable
:: 3) things I don't know about this but should...
::
:: any pointers to man pages/docs would be appreciated.
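
The "home-grown script" step from the reply above, sketched as an added example (not part of the original message or of any project's code): it turns LDAP posixAccount entries into passwd-format lines for a NIS map. The sample LDIF, `MIN_UID` and the function names are assumptions; because NIS serves its maps to any client that can query the server, the password field is always `*`, and entries that could smuggle extra fields or a system UID into the map are rejected.

```python
import re
# Constructed sample LDIF with RFC 2307 posixAccount attributes (not from the thread).
SAMPLE_LDIF = """dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice
loginShell: /bin/sh
userPassword: {CRYPT}constructed-placeholder

dn: uid=mallory,ou=people,dc=example,dc=org
uid: mallory
uidNumber: 0
gidNumber: 0
gecos: x:0:0::/root:/bin/sh
homeDirectory: /home/mallory
loginShell: /bin/sh
"""
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
ID_RE = re.compile(r"[0-9]{1,10}")
MIN_UID = 1000  # assumption: directory accounts never map to system UIDs

def parse_ldif(text):
    """Yield one dict per entry (plain 'attr: value' lines only, no base64)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        yield dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)

def to_passwd_line(e):
    """Return a 7-field passwd(5) line with "*" as password (no hash export)."""
    f = [e["uid"], "*", e["uidNumber"], e["gidNumber"],
         e.get("gecos", ""), e["homeDirectory"], e["loginShell"]]
    errs = [msg for failed, msg in (
        (any(c in v for v in f for c in ":\n\r"), "separator in value"),
        (not NAME_RE.fullmatch(f[0]), "bad login name"),
        (not all(ID_RE.fullmatch(v) for v in f[2:4]) or int(f[2]) < MIN_UID,
         "non-numeric id or uid below MIN_UID"),
    ) if failed]
    if errs:
        raise ValueError("; ".join(errs))
    return ":".join(f)

def build_map(ldif):
    """Return (accepted passwd lines, rejected (dn, reason) pairs)."""
    good, bad = [], []
    for e in parse_ldif(ldif):
        try:
            good.append(to_passwd_line(e))
        except (KeyError, ValueError) as err:
            bad.append((e.get("dn", "?"), str(err)))
    return good, bad
```

Rejected entries are returned rather than silently dropped, so the sync job can log them and alert on unexpected changes in the directory.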