Date: Mon, 13 Aug 2001 11:30:25 +1000 From: Greg Black <gjb@gbch.net> To: "diesel" <diesel@bsdvault.net> Cc: "'Jonathan M. Slivko'" <jslivko@blinx.net>, "'Erik Sabowski'" <airyk@sabowski.dhs.org>, freebsd-stable@FreeBSD.ORG Subject: Re: Any way to have multiple machines share a single passwd file? Message-ID: <nospam-997666225.98319@maxim.gbch.net> In-Reply-To: <001001c1233f$dcb5d360$0400000a@zen> of Sun, 12 Aug 2001 11:02:51 -0400 References: <001001c1233f$dcb5d360$0400000a@zen>
next in thread | previous in thread | raw e-mail | index | archive | help
"diesel" wrote: | You should check out the latest article on http://bsdvault.net . It | details how to set up a password push to all your hosts from a master | host. That article does not give very useful advice, since the scripts it shows explicitly manage only /etc/master.passwd -- and that file has no control at all over who can login. If the bad guys have compromised the real password file (/etc/spwd.db), then it won't help at all. For this to be useful, it should also make sure to regenerate /etc/spwd.db or take some other step to ensure it is in sync with the master.passwd file. The other problem that it ignores is legitimate password changes by users on the "protected" hosts -- these will be clobbered by the method shown. Back to the drawing board, I think. And this is off-topic for this list. Take it to questions if there's more to be said. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nospam-997666225.98319>