sharing /etc/passwd

Giorgos Keramidas keramida at freebsd.org
Sat Sep 25 07:02:48 PDT 2004


On 2001-11-07 21:13, Steve Shorter <steve at nomad.tor.lets.net> wrote:
> On Wed, Nov 07, 2001 at 07:02:09PM -0700, David Bear wrote:
> > I need to sync /etc/passwd and /etc/group among multiple machines.  I was
> > thinking ldap would be a good method but am concerned about
> >
> > 1) the most secure way to do it
> > 2) the most stable
> > 3) things I don't know about this but should...
> >
> > any pointers to man pages/docs would be appreciated.
>
> 	Hmm... how about rsync? /usr/ports/net/rsync
> 	-steve

After reading a nice paper by Val Henson[1] I'm not so sure I'd trust
sensitive information like password data to rsync without making sure
that compare-by-hash is disabled if at all possible.

There are other ways to use a common authentication server, shared by
many machines.  Kerberos and NIS or NIS+ are good examples.  At least
better than a ``blind copy'' of password files with rsync.

Giorgos.

--- References ---
[1] Val Henson, "An Analysis of Compare-by-hash".  In Proceedings of
"HotOS IX: The 9th Workshop on Hot Topics in Operating Systems",
pp. 13-18. [ http://www.nmt.edu/~val/review/hash.html ]
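
An added illustration of the compare-by-hash concern raised in the message above (not part of the original post, and a simplified model rather than rsync's actual algorithm): a block sync that trusts a digest match keeps stale data when two blocks collide, while a direct byte comparison does not. The one-byte digest, the block size and the sample entry are constructed assumptions, chosen so that a collision is reachable in a demo.

```python
import hashlib

BLOCK = 64  # constructed block size for the demo


def truncated_digest(block: bytes) -> bytes:
    # Assumption for the demo: keep only 1 byte of SHA-256 so that a
    # collision can be found instantly. Real digests are far longer.
    return hashlib.sha256(block).digest()[:1]


def full_digest(block: bytes) -> bytes:
    return hashlib.sha256(block).digest()


def sync_by_hash(src: bytes, dst: bytes, digest) -> bytes:
    """Simplified block sync: the receiver keeps its own block whenever
    the digest matches the sender's, and only otherwise takes new data."""
    out = bytearray()
    for off in range(0, len(src), BLOCK):
        s, d = src[off:off + BLOCK], dst[off:off + BLOCK]
        out += d if len(d) == len(s) and digest(d) == digest(s) else s
    return bytes(out)


def sync_by_bytes(src: bytes, dst: bytes) -> bytes:
    """Compare content directly and copy on any difference."""
    return dst if dst == src else bytes(src)


def stale_block_colliding_with(block: bytes) -> bytes:
    """Build a different, equal-length block with the same truncated digest."""
    n = 0
    while True:
        cand = (b"old:%d:" % n).ljust(len(block), b"#")
        if cand != block and truncated_digest(cand) == truncated_digest(block):
            return cand
        n += 1


# Constructed sample entry, padded to exactly one block.
NEW = b"alice:*:1001:1001::/home/alice:/bin/sh\n".ljust(BLOCK, b"\n")
OLD = stale_block_colliding_with(NEW)

if __name__ == "__main__":
    print("truncated digest:", sync_by_hash(NEW, OLD, truncated_digest) == NEW)
    print("full digest:     ", sync_by_hash(NEW, OLD, full_digest) == NEW)
    print("byte compare:    ", sync_by_bytes(NEW, OLD) == NEW)
```

rsync's `--whole-file` (`-W`) option turns off its delta-transfer algorithm, so the file is sent whole instead of being reconstructed from hash-matched blocks.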



More information about the freebsd-security mailing list