multihost master.passwd sync
Michael Collette
metrol at metrol.net
Tue May 27 12:22:22 PDT 2003
On Tuesday 27 May 2003 12:10 pm, Andy Harrison wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> On 27-May-2003, Michael Collette wrote message "Re: multihost master.passwd
> sync"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> > Why not just preconfigure SSH keys between the boxes and scp the file
> > across? Seems like a lot of extra work to bring PGP into the mix.
>
> Because we don't allow root login remotely, mandated from above.
Assuming both machines have their clocks sync'd, two crons. One to pass the
file across via an admin/non-root user. The second cron to move the file,
change permissions and whatever else you need to do.
Just a thought. I tend to do fair amount of scp kind of stuff, so I'm just
rather partial to it is all.
> > Personally, I'm real curious about utilizing an LDAP backend to replace
> > NIS. Read a bit about it, but haven't had a chance to play with it just
> > yet. It sounds like a far more elegant solution for what you're looking
> > to do as well. Assuming it all works as advertised that is.
>
> The problem is that while it allows authentication, it doesn't integrate
> seamlessly allowing you to own files as a user that only exists in the
> ldap.
I'm really curious as to what you mean by this. Like I said, I've only
scratched the surface concerning LDAP authentication. What doesn't
integrate? I thought that was the PAM_LDAP port was supposed to handle?
If you get the chance, I'd really appreciate a fuller description of why LDAP
isn't a suitable solution for you. I'm trying to get a better handle on the
pros and cons of that approach.
Later on,
--
"Always listen to experts. They'll tell you what can't be done, and why.
Then do it."
- Robert A. Heinlein
More information about the freebsd-security
mailing list