Date: Tue, 27 May 2003 14:20:59 -0500 From: Eric Anderson <anderson@centtech.com> To: Andy Harrison <ah60@httpsite.com> Cc: FreeBSD Security <FreeBSD-Security@freebsd.org> Subject: Re: multihost master.passwd sync Message-ID: <3ED3BA9B.5020008@centtech.com> References: <XFMail.20030527151057.ah60@httpsite.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andy Harrison wrote: >>Why not just preconfigure SSH keys between the boxes and scp the file across? >>Seems like a lot of extra work to bring PGP into the mix. > > > Because we don't allow root login remotely, mandated from above. so you scp the file to a directory owned by a user designated to only do this function.. then have a cron job that fires up every so often that snags that file and updates the running master.passwd file.. >>Personally, I'm real curious about utilizing an LDAP backend to replace NIS. >>Read a bit about it, but haven't had a chance to play with it just yet. It >>sounds like a far more elegant solution for what you're looking to do as >>well. Assuming it all works as advertised that is. > > > The problem is that while it allows authentication, it doesn't integrate > seamlessly allowing you to own files as a user that only exists in the ldap. Huh? Explain more please.. Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology Attitudes are contagious, is yours worth catching? ------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ED3BA9B.5020008>