[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Syncronized password management ...



On Tue, Jul 10, 2001 at 07:20:00PM -0700, Blake Barnett wrote:
> The reason you state for not wanting to use existing centralization schemes
> is network dependancies.  While this is certainly a valid concern, most
> systems have addressed this by at least providing replication for the
> service, so that servers can be placed at strategic points in your network
> and provide a robust fallback mechanism.  While I believe NIS does this I
> would recommend using LDAP as both your authentication and information
> source.  (via pam-ldap & pam-nss).  The replication is done very well in
> LDAP and the referral system works well for falling back to other servers.  
> 
> If your WHOLE network goes down or you can't reach ANY of your replicas
> you've got far more serious problems than just being able to login to your
> boxes.  You should always have root and a couple administrative logins which
> ALWAYS reside in /etc/shadow for these situations anyway.
> 
> As you said, it is a daunting task, and one which isn't really warranted
> given the resources already available.

	Or you could just rsync the necessary files, which has some security 
	issues. 

-- 
Share and Enjoy. 





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []