From owner-freebsd-net Tue Feb 23 16:20:55 1999
Delivered-To: freebsd-net@freebsd.org
Received: from smtp2.erols.com (smtp2.erols.com [207.172.3.235])
	by hub.freebsd.org (Postfix) with ESMTP id 7B2C4113A5
	for ; Tue, 23 Feb 1999 16:20:44 -0800 (PST)
	(envelope-from shmit@natasya.noc.erols.net)
Received: from natasya.noc.erols.net (natasya.mrf.va.noc.rcn.net [207.172.25.236])
	by smtp2.erols.com (8.8.8/8.8.5) with ESMTP id TAA25451;
	Tue, 23 Feb 1999 19:23:09 -0500 (EST)
Received: (from shmit@localhost)
	by natasya.noc.erols.net (8.9.2/8.9.1) id TAA53032;
	Tue, 23 Feb 1999 19:20:32 -0500 (EST)
Message-ID: <19990223192031.C50175@kublai.com>
Date: Tue, 23 Feb 1999 19:20:31 -0500
From: Brian Cully
To: GVB , freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions
Reply-To: shmit@kublai.com
References: <4.1.19990223102105.00adb730@abused.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <4.1.19990223102105.00adb730@abused.com>; from GVB on Tue, Feb 23, 1999 at 10:23:16AM -0800
X-Sender: If your mailer pays attention to this, it's broken.
X-PGP-Info: finger shmit@kublai.com for my public key.
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Feb 23, 1999 at 10:23:16AM -0800, GVB wrote:
> As I start to completely take over all the NT machines here and replace
> them with FreeBSD, I am faced with this challenge. I will be running two
> FreeBSD machines for Radius Authentication. Both using Meritt AAA and
> /etc/passwd for authentication. What is the best way to synchronize passwd
> files between the two systems immediately (or 5 minute increments) upon user
> adds and password changes, etc. NIS? rsync? etc..

One of the things we did was distribute a full password list every
four hours, but to get real-time authentication, we hacked our daemon
to query directly against our provisioning system if the user wasn't
in the password file or if his password had been invalidated.

It works fairly well, and should be much more scalable than pushing
out full password files every five minutes or so, and also better
than doing all requests over the network.

-- 
Brian Cully

``I'm not surprised,'' said I. ``You created God in your own image,
and when you found out he was no good you abolished him. It's quite
a common form of psychological suicide.''
	-- Robertson Davies, Fifth Business

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
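
The lookup order described in the reply above (local password snapshot first, provisioning system only when the user is missing or the entry has been invalidated), as an added Python example that is not code from the original post or from any RADIUS daemon. The class and method names, the PBKDF2 hash, the invalidation call and the provisioning lookup callable are all assumptions.

```python
import hashlib
import hmac

def pw_hash(password, salt):
    # PBKDF2 stands in for whatever hash the real password file uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SnapshotAuthenticator:
    """Check the pushed snapshot first; ask provisioning on a miss or invalidation."""

    def __init__(self, snapshot, provisioning_lookup):
        self.snapshot = dict(snapshot)     # user -> (salt, digest), from the periodic push
        self.invalidated = set()           # users whose local entry must not be trusted
        self.lookup = provisioning_lookup  # hypothetical: user -> (salt, digest) or None
        self.remote_queries = 0

    def invalidate(self, user):
        self.invalidated.add(user)

    def load_snapshot(self, snapshot):
        # A full push is authoritative, so it also clears pending invalidations.
        self.snapshot = dict(snapshot)
        self.invalidated.clear()

    def authenticate(self, user, password):
        record = self.snapshot.get(user)
        if record is None or user in self.invalidated:
            self.remote_queries += 1
            try:
                record = self.lookup(user)
            except OSError:
                return False               # provisioning unreachable: fail closed
            if record is None:
                return False               # unknown to provisioning as well
            self.snapshot[user] = record   # refresh the local entry (assumption)
            self.invalidated.discard(user)
        salt, digest = record
        return hmac.compare_digest(pw_hash(password, salt), digest)

def demo():
    # Constructed sample data: user names, salts and passwords are made up.
    old = (b"salt-a", pw_hash("old-secret", b"salt-a"))
    new = (b"salt-b", pw_hash("new-secret", b"salt-b"))
    provisioning = {"alice": new, "bob": (b"salt-c", pw_hash("bobpw", b"salt-c"))}
    auth = SnapshotAuthenticator({"alice": old}, provisioning.get)
    results = [auth.authenticate("alice", "old-secret")]       # stale entry, local check
    auth.invalidate("alice")                                   # password changed upstream
    results.append(auth.authenticate("alice", "old-secret"))   # remote query, rejected
    results.append(auth.authenticate("alice", "new-secret"))   # refreshed entry, local
    results.append(auth.authenticate("bob", "bobpw"))          # not in snapshot, remote
    return results, auth.remote_queries
```

Until an entry is invalidated or the next push arrives, the old password in the snapshot is still accepted, and every unknown user name reaches the provisioning system, so that path is the one to rate-limit and monitor.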