Message-Id: <3.0.3.32.19981006222438.00f7f438@207.227.119.2>
Date: Tue, 06 Oct 1998 22:24:38 -0500
To: "Gary Palmer", Graeme Tait
From: "Jeffrey J. Mountin"
Subject: Re: How to share accounts between mail/pop and web servers?
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To: <1456.907723995@gjp.erols.com>

At 09:33 PM 10/6/98 -0400, Gary Palmer wrote:
>It also creates interesting problems when you grow large enough. All
>our servers are broken out by function (to the point of different NS
>machines for customer resolvers and nameservers for actually holding
>local domain information, inbound & outbound & virtual mail machines
>are all broken out, etc. It makes it administratively cleaner, and
>stops people fighting over tuning options and system setups and so
>on....

Bingo! And amen!

"more work to maintain" = "bad planning"

At least with my suggestion along with using a /some/where/else/passwd file, it's easy to share the passwords.
Even better would be to keep them on a secured server that would be used internally by techs and such for account additions etc. This server would have a twin and both could be queried by all other servers via a private network ala 2nd NIC for a bit more security.

At one point a plan using a 2nd NIC in each server to connect to a central clearinghouse via NIS was worked out, which can be done fairly securely, but telnet access by users makes life difficult.

Of course when you get really BIG, it means some kind of user addition distribution and using hubs for certain things, e.g. SMTP/POP, but I don't think the originator had that in mind for now. At least until his users number in the 10's of thousands on up, which just begs to have a central location for user vitals.

Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net