[K12OSN] remote home directories
Scott Sherrill
scott at remc1.org
Thu Sep 8 15:37:11 UTC 2005
Brandon Kovach wrote:
>I don't know anything about NIS, but I can learn.
>
>I was originally trying to authenticate to my Netware server, but couldn't
>make NCPFS work correctly. At one point I had it working ... kinda ...
>but it blocked everyone else from the servers. All of them. I decided
>that I had enough time in that one and had done enough damage that I
>needed to move on to another solution for now.
>
>
>
Brandon -
To give you another alternative, I created a poor man's nis system using
ssh and the followin script:
#!/bin/sh
/usr/bin/rsync -p -e ssh /etc/passwd $1:/etc/passwd
/usr/bin/rsync -p -e ssh /etc/shadow $1:/etc/shadow
/usr/bin/rsync -p -e ssh /etc/group $1:/etc/group
the script is run from the main password server by cron (every 5min) and
is called with the following command:
pushpass clientserver
then I exported a ssh key from my main password server to each of my
client servers (so I don't need to login with a password).
So I have 1 server machine, and 5 ltsp servers. When a user is created
on the main server, 5 min later they show up on all the ltsp servers.
The reason I did it this way? NIS is great - does everything I did
above and more, but from any nis client machine if you do a "ypcat passwd"
you get the password hash:
scott:$1$Kj3gj3Yd$.jx34285SE6N.Ipp1nP1/Q91:2575:825:.....
short time from there for a student to crack that invidual pwd.
The way I'd do it with the time? ldap. But the above works for me.
Just another alternative to chew on.
Scott
More information about the K12OSN
mailing list