From owner-freebsd-security@FreeBSD.ORG Fri Jun 20 10:14:59 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B99EA37B401 for ; Fri, 20 Jun 2003 10:14:59 -0700 (PDT) Received: from magnesium.net (toxic.magnesium.net [207.154.84.15]) by mx1.FreeBSD.org (Postfix) with SMTP id 35C1C43F75 for ; Fri, 20 Jun 2003 10:14:59 -0700 (PDT) (envelope-from unfurl@dub.net) Received: (qmail 29875 invoked by uid 1001); 20 Jun 2003 17:14:58 -0000 Date: 20 Jun 2003 10:14:58 -0700 Date: Fri, 20 Jun 2003 10:14:58 -0700 From: Bill Swingle To: Andy Harrison , freebsd-security@FreeBSD.org Message-ID: <20030620171458.GA29729@dub.net> References: <20030528063517.GA667@straylight.oblivion.bg> <20030528063627.GB667@straylight.oblivion.bg> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62" Content-Disposition: inline In-Reply-To: <20030528063627.GB667@straylight.oblivion.bg> X-Operating-System: FreeBSD toxic.magnesium.net 4.6-STABLE FreeBSD 4.6-STABLE User-Agent: Mutt/1.5.4i Subject: Re: multihost master.passwd sync X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2003 17:15:00 -0000 --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable This is a way late reply but I've had wonderful success with using NIS for distributing user info (but *'ing out the passwords) then using kerberos for authentication. Dunno if that helps. -Bill On Wed, May 28, 2003 at 09:36:27AM +0300, Peter Pentchev wrote: > On Wed, May 28, 2003 at 09:35:17AM +0300, Peter Pentchev wrote: > > On Tue, May 27, 2003 at 01:46:37PM -0400, Andy Harrison wrote: > > >=20 > > > Just wondered if anyone had any suggestions about syncing up master.p= asswd > > > files between multiple machines that didn't involve allowing root log= in > > > remotely? The users need to be able to log in remotely and own files= on the > > > different machines. > >=20 > > People have mentioned LDAP; I am truly surprised no one has mentioned > > Kerberos yet. >=20 > Oh wait, nevermind. That's what I get for posting before coffee; > Kerberos still needs some way of telling the system that there is > such a user in the first place. >=20 > G'luck, > Peter >=20 > --=20 > Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org > PGP key: http://people.FreeBSD.org/~roam/roam.key.asc > Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 > This sentence contradicts itself - or rather - well, no, actually it does= n't! --=20 -=3D| Bill Swingle - -=3D| Every message PGP signed -=3D| PGP Fingerprint: C1E3 49D1 EFC9 3EE0 EA6E 6414 5200 1C95 8E09 0223 -=3D| "Computers are useless. They can only give you answers" Pablo Picasso= =20 --+QahgC5+KEYLbs62 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+80ESUgAclY4JAiMRArLTAJ4kUMWfF9zqahtD3WO8VTpZ0IilCQCeOrOB ydfs/H6HShjsGllb8T7QlMw= =PDTY -----END PGP SIGNATURE----- --+QahgC5+KEYLbs62--