From: "Daniel Marsh"
To: Noah
Cc: User Questions
Date: Fri, 9 Mar 2007 13:13:31 +0900
Subject: Re: syncing user passwd information between servers

On 3/9/07, Noah wrote:
>
> Hi,
>
> I am trying to figure out the best administrative way to do the
> following:
>
> We have two FreeBSD 6.2 servers and want to keep the passwd files in
> sync so all the same users can log into each machine, their UIDs match,
> and when they update the password on one machine the other machine gets
> the password. When we add the user to one machine then the other
> machine has an additional user too.
>
> What is the best scheme that we can devise to get this working
> technically well?
>
> Cheers,
>

A couple of things can be done...

The first, and longest-existing, method would be to use NIS between the two machines, where one machine acts as a server and the other as a client to that server; if the server goes down, no one can log in. (I haven't investigated backup NIS servers, as I don't like NIS.)

The other option would be using LDAP (OpenLDAP). You'll install OpenLDAP on both servers; one will act as a master, the other as a slave, and each machine will log in against the LDAP database running locally. The master LDAP will replicate to the slave to keep any user changes intact and up to date. You'll need to install the pam_ldap and nss_ldap ports and may want to use LDAP Account Manager (runs via PHP on Apache) to manage the user accounts.

Another option may be to use a versioning system: one machine has a versioning repository, and you import /etc/ into the versioning system (CVS or Subversion). When you make a change on a server to passwd etc., you commit the change and check it out on the other machine, maybe even making use of merging changes so that if two people, one on each machine, change their passwords and they both commit, you don't lose one of the password changes.
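
As an added example (not part of the original message or of any FreeBSD tool), the shell function below checks the requirement from the question, the same users with matching UIDs on both machines, by comparing a copy of each server's /etc/passwd. The function name `passwd_drift`, the finding labels and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report account drift between two passwd(5)-format files.
# Usage: passwd_drift HOST_A_PASSWD HOST_B_PASSWD
passwd_drift() {
    awk -F: '
        /^#/ || NF < 3 { next }               # skip comments, malformed lines
        side == "b" { b[$1] = $3; next }      # login -> UID on host B
        { a[$1] = $3 }                        # login -> UID on host A
        END {
            for (u in a) {
                if (!(u in b))         print "MISSING_ON_B", u, a[u]
                else if (a[u] != b[u]) print "UID_MISMATCH", u, a[u], b[u]
            }
            for (v in b)
                if (!(v in a)) print "MISSING_ON_A", v, b[v]
            # One number owned by different logins on each host. Aliases that
            # exist identically on both sides (root/toor) are not reported.
            for (u in a) for (v in b)
                if (u != v && a[u] == b[v] &&
                    !((v in a) && a[v] == b[v]) &&
                    !((u in b) && b[u] == a[u]))
                    print "UID_REUSED", a[u], u, v
        }
    ' "$1" side=b "$2" | LC_ALL=C sort    # side=b is set once file A is read
}

# Constructed sample data (not taken from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/a" <<'EOF'
# host A
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/sh
EOF
cat > "$demo_dir/b" <<'EOF'
# host B
toor:*:0:0:Bourne-again Superuser:/root:
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1005:1005:Bob:/home/bob:/bin/sh
dave:*:1003:1003:Dave:/home/dave:/bin/sh
EOF
passwd_drift "$demo_dir/a" "$demo_dir/b"
rm -rf "$demo_dir"
```

A `UID_MISMATCH` or `UID_REUSED` finding means files owned by that number belong to a different login on the other server, so it is worth clearing before moving either machine to a shared account source.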