Password File Sync Script

on 19.06.2006 22:44:01 by Sashikanth Madduri

Hi,
I am writing a script to update password files from the server to
all the clients in the network.

I will be copying the following files periodically to all the clients:

/etc/passwd
/etc/shadow
/etc/group

scp is one option to do the remote copying. But root ssh is disabled
in the clients and I cannot use scp. Is there any alternative
way (other than scp) to do this? Do I have to enable root ssh in order
to do a remote copy of the above files? Please help.

PS: I am not using NIS for password management.

Thank you.

Sashikanth Madduri.
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Password File Sync Script

on 19.06.2006 22:59:16 by Scott Taylor

On Mon, June 19, 2006 13:44, Sashikanth Madduri wrote:
> Hi,
> I am writing a script to update password files from the server to
> all the clients in the network.
>
> I will be copying the following files periodically to all the clients:
>
> /etc/passwd
> /etc/shadow
> /etc/group
>
> scp is one option to do the remote copying. But root ssh is disabled
> in the clients and I cannot use scp. Is there any alternative
> way (other than scp) to do this? Do I have to enable root ssh in order
> to do a remote copy of the above files? Please help.
>
> PS: I am not using NIS for password management.

That's crazy, not to mention dangerous. If you are at a point where you
need a script to update your passwords, perhaps you should consider using
NIS or something.

That said, you could always enable root ssh and just disable it again.

--
Scott


Re: Password File Sync Script

on 19.06.2006 22:59:55 by office

Sashikanth Madduri wrote:

> I will be copying the following files periodically to all the clients:
>
> /etc/passwd
> /etc/shadow
> /etc/group

Wait. Why in the world would you want to do that?

Re: Password File Sync Script

on 19.06.2006 23:02:30 by Matt Hemingway

What if you went the other way? Instead of pushing the files, the clients "grab" them. Would allowing root to ssh in only to the "main" server be a problem?

-Matt

On Mon, 19 Jun 2006 13:44:01 -0700
"Sashikanth Madduri" wrote:

> Hi,
> I am writing a script to update password files from the server to
> all the clients in the network.
>
> I will be copying the following files periodically to all the clients:
>
> /etc/passwd
> /etc/shadow
> /etc/group
>
> scp is one option to do the remote copying. But root ssh is disabled
> in the clients and I cannot use scp. Is there any alternative
> way (other than scp) to do this? Do I have to enable root ssh in order
> to do a remote copy of the above files? Please help.
>
> PS: I am not using NIS for password management.
>
> Thank you.
>
> Sashikanth Madduri.

Re: Password File Sync Script

on 19.06.2006 23:36:24 by Sashikanth Madduri

I am not using NIS because it is insecure and password information is
passed over the network unencrypted.

So, I am thinking of copying the password files in an ssh tunnel (using scp).

Is NIS really insecure?
What is the best way to manage user accounts in a network if security
is a concern?


On 6/19/06, Scott Taylor wrote:
>
> On Mon, June 19, 2006 13:44, Sashikanth Madduri wrote:
> > Hi,
> > I am writing a script to update password files from the server to
> > all the clients in the network.
> >
> > I will be copying the following files periodically to all the clients:
> >
> > /etc/passwd
> > /etc/shadow
> > /etc/group
> >
> > scp is one option to do the remote copying. But root ssh is disabled
> > in the clients and I cannot use scp. Is there any alternative
> > way (other than scp) to do this? Do I have to enable root ssh in order
> > to do a remote copy of the above files? Please help.
> >
> > PS: I am not using NIS for password management.
>
> That's crazy, not to mention dangerous. If you are at a point where you
> need a script to update your passwords, perhaps you should consider using
> NIS or something.
>
> That said, you could always enable root ssh and just disable it again.
>
> --
> Scott
>
>

Re: Password File Sync Script

on 19.06.2006 23:40:53 by office

Sashikanth Madduri wrote:
> I am not using NIS because it is insecure and password information is
> passed over the network unencrypted.
>
> So, I am thinking of copying the password files in an ssh tunnel (using
> scp).
>
> Is NIS really insecure?
> What is the best way to manage user accounts in a network if security
> is a concern?


Kerberos/OpenLDAP would be a good start.

--Adrian.

Re: Password File Sync Script

on 20.06.2006 06:34:53 by urgrue

On 06/19/2006 11:44:01 PM, Sashikanth Madduri wrote:
> Hi,
> I am writing a script to update password files from the server to
> all the clients in the network.
>
> I will be copying the following files periodically to all the clients:
>
> /etc/passwd
> /etc/shadow
> /etc/group


In general ldap is probably a better idea. Fedora Directory Server is
free and very easy to set up.

However, if for some reason that isn't an option:
- have the clients fetch the files instead
- have the server put the files in some non-root user's homedir, from
  where a script running on the client verifies them and copies them into
  place

Security-wise ldap is a better option, although I don't find these
scripts to be as bad as they seem.
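
The second option in the message above (server drops the files in a non-root user's home directory, a root-run script on the client verifies them and copies them into place) could look like the following. This is an added example, not code posted by anyone in the thread; the function names, the checks chosen and the file modes are assumptions.

```sh
#!/bin/sh
# Added example: client-side verify-then-install for staged account files.
# Intended to run as root (e.g. from cron); function names are hypothetical.

check_passwd() {   # 7 fields, numeric uid/gid, unique names, root is the only uid 0
    awk -F: '
        NF != 7 || $1 == "" || seen[$1]++     { bad = 1 }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/  { bad = 1 }
        $3 == 0 && $1 != "root"               { bad = 1 }
        $1 == "root" && $3 == 0               { root = 1 }
        END { exit !(root && !bad) }' "$1"
}

check_shadow() {   # args: SHADOW PASSWD; 9 fields, no empty hash, one entry per user
    awk -F: '
        NR == FNR            { users[$1] = 1; next }   # first file read is passwd
        NF != 9 || $2 == ""  { bad = 1 }
        !($1 in users)       { bad = 1 }
                             { delete users[$1] }
        END { for (u in users) bad = 1; exit bad + 0 }' "$2" "$1"
}

check_group() {    # 4 fields, non-empty name, numeric gid, file not empty
    awk -F: 'NF != 4 || $1 == "" || $3 !~ /^[0-9]+$/ { bad = 1 }
             END { exit (bad || NR == 0) }' "$1"
}

sync_accounts() {  # args: STAGE_DIR ETC_DIR
    stage=$1 etc=$2
    work=$(mktemp -d) || return 1
    # Snapshot first: the drop directory is writable by an unprivileged user,
    # so validate private copies rather than files that can change under us.
    for f in passwd shadow group; do
        [ -f "$stage/$f" ] && [ ! -L "$stage/$f" ] && cp "$stage/$f" "$work/$f" \
            || { rm -rf "$work"; return 1; }
    done
    check_passwd "$work/passwd" && check_shadow "$work/shadow" "$work/passwd" \
        && check_group "$work/group" || { rm -rf "$work"; return 1; }
    for f in passwd shadow group; do
        mode=644; [ "$f" = shadow ] && mode=600   # assumed modes; distros differ
        # mktemp creates the file 0600 inside ETC_DIR, so the rename is atomic
        # and shadow is never readable by others, even briefly.
        tmp=$(mktemp "$etc/.$f.XXXXXX") && cat "$work/$f" > "$tmp" \
            && chmod "$mode" "$tmp" && mv -f "$tmp" "$etc/$f" \
            || { rm -rf "$work"; return 1; }
    done
    rm -rf "$work"
}
```

Each file is replaced atomically, but the three replacements are separate renames, so a reader can briefly see a new passwd alongside an old shadow. A rejected batch leaves the existing files untouched.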

Re: Password File Sync Script

on 20.06.2006 21:55:23 by Sashikanth Madduri

Hi,
How can I make sure that all the (human) users that are added to
the system have uids > 500? What is the configuration file for doing
that?

Thank You.

Sashi.

Re: Password File Sync Script

on 20.06.2006 22:15:24 by Sashikanth Madduri

Sorry for the previous mail. I found the answer. The file is
/etc/login.defs (useradd uses those values as defaults).

Thank You.
Sashi.



On 6/20/06, Sashikanth Madduri wrote:
> Hi,
> How can I make sure that all the (human) users that are added to
> the system have uids > 500? What is the configuration file for doing
> that?
>
> Thank You.
>
> Sashi.
>