Date:      Mon, 13 Aug 2001 09:56:13 -0400
From:      "diesel" <diesel@bsdvault.net>
To:        "'Greg Black'" <gjb@gbch.net>
Cc:        "'Jonathan M. Slivko'" <jslivko@blinx.net>, "'Erik Sabowski'" <airyk@sabowski.dhs.org>, <freebsd-stable@FreeBSD.ORG>
Subject:   RE: Any way to have multiple machines share a single passwd file? 
Message-ID:  <001801c123ff$b9094670$0400000a@zen>
In-Reply-To: <nospam-997666225.98319@maxim.gbch.net>

The issuance of Pwd_mkdb is going to be covered in article II.  Syncing
of local password file is going to be done in article II as well as
integrity checking.  This article proves it possible and the means to do
it.  Many organizations use this method to manage their networks.  I'll
be sure to email you the second and third parts.  

   Half full or half empty?


-----Original Message-----
From: owner-freebsd-stable@FreeBSD.ORG
[mailto:owner-freebsd-stable@FreeBSD.ORG] On Behalf Of Greg Black
Sent: Sunday, August 12, 2001 9:30 PM
To: diesel
Cc: 'Jonathan M. Slivko'; 'Erik Sabowski'; freebsd-stable@FreeBSD.ORG
Subject: Re: Any way to have multiple machines share a single passwd
file? 

"diesel" wrote:

| You should check out the latest article on http://bsdvault.net .  It
| details how to set up a password push to all your hosts from a master
| host.  

That article does not give very useful advice, since the scripts
it shows explicitly manage only /etc/master.passwd -- and that
file has no control at all over who can login.  If the bad guys
have compromised the real password file (/etc/spwd.db), then it
won't help at all.  For this to be useful, it should also make
sure to regenerate /etc/spwd.db or take some other step to
ensure it is in sync with the master.passwd file.

The other problem that it ignores is legitimate password changes
by users on the "protected" hosts -- these will be clobbered by
the method shown.

Back to the drawing board, I think.  And this is off-topic for
this list.  Take it to questions if there's more to be said.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
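
Added example, not part of either message and not the bsdvault.net article's script: one way a client could install a pushed master.passwd so that both objections above are covered, by refusing to overwrite local changes made since the last push and by regenerating /etc/pwd.db and /etc/spwd.db with pwd_mkdb(8). The staged-file and baseline paths, the function names and the refuse-on-drift policy are assumptions.

```shell
#!/bin/sh
# Added example: install a pushed master.passwd on a FreeBSD client.
# Paths, function names and the refuse-on-drift policy are assumptions.

PWD_MKDB=${PWD_MKDB:-pwd_mkdb}   # overridable so the logic can be dry-run

# local_drift ETC_DIR BASELINE
# True when ETC_DIR/master.passwd differs from the copy saved at the last
# push, i.e. a user changed a password locally or the file was altered.
local_drift() {
    [ -f "$2" ] || return 1      # first push: no baseline to compare against
    ! cmp -s "$1/master.passwd" "$2"
}

# db_stale ETC_DIR
# True when pwd.db or spwd.db is missing or older than master.passwd. This
# only catches a push that skipped pwd_mkdb; it does not detect a modified
# spwd.db, which is why install_pushed always rebuilds the databases.
db_stale() {
    for db in pwd.db spwd.db; do
        [ -f "$1/$db" ] || return 0
        [ -n "$(find "$1/master.passwd" -newer "$1/$db")" ] && return 0
    done
    return 1
}

# install_pushed STAGED ETC_DIR BASELINE
install_pushed() {
    staged=$1 etc=$2 baseline=$3
    if local_drift "$etc" "$baseline"; then
        echo "master.passwd changed since last push; not overwriting" >&2
        return 2
    fi
    "$PWD_MKDB" -C "$staged" || return 3          # format check only
    # pwd_mkdb moves its input into place, so hand it a copy of the staged file.
    cp -p "$staged" "$etc/master.passwd.new" || return 4
    # Rebuilds pwd.db and spwd.db (and passwd, with -p) from the pushed file.
    "$PWD_MKDB" -p -d "$etc" "$etc/master.passwd.new" || return 5
    cp -p "$staged" "$baseline"                   # remember what was pushed
}
```
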