Date: 24 Feb 1999 10:36:18 -0500
From: Chris Shenton <cshenton@uucom.com>
To: GVB <gvbmail@tns.net>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions [synchronizing passwords across systems]
Message-ID: <86lnhnu83x.fsf@samizdat.uucom.com>
In-Reply-To: GVB's message of Tue, 23 Feb 1999 10:23:16 -0800
References: <4.1.19990223102105.00adb730@abused.com>

GVB <gvbmail@tns.net> writes:

> I will be running two FreeBSD machines for Radius Authentication.
> Both using Merit AAA and /etc/passwd for authentication. What is
> the best way to synchronize passwd files between the two systems
> immediately (or 5 minute increments) upon user adds and password
> changes, etc. NIS? rsync? etc..

I have a somewhat similar situation: FreeBSD passwords on the account-creation system need to be synchronized between the www/ftp box, smtp/pop/imap box, and radius servers.

I wrote a script which uses "scp" to copy the master.password and group file into a temporary (secure) place on the target, then invokes makepwdb to convert that into the FreeBSD DB format. I run it from cron only once an hour at this point.

I wanted to run the password-pushing script when the user changed their password, but my changing mechanism is a web form calling a CGI which talks to poppassd. This means that the "user" which would be running the pusher is "www" -- so anyone who could reach my web server could invoke the script, not something I'm happy with, lots of room for abuse. That's why I just run it periodically out of root's cron.

I'm not entirely happy with this solution, but I wasn't too happy turning on NIS -- after avoiding it for five years. The FreeBSD NIS docs make it sound like they've taken great care for NIS-sharing password-oriented files, but still... been burned by NIS security problems too many times in the past.

I'd welcome other suggestions...
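
The receiving side of the push described in the message, as an added example that is not part of the original e-mail or the author's script: before a copied file is installed, the target checks that the staged copy is private and structurally sane. The function names, the staging path and the uid 0 policy are assumptions; pwd_mkdb is the FreeBSD tool that builds the password databases.

```sh
#!/bin/sh
# Added example (not from the original message): checks on the receiving host
# before a pushed master.passwd is installed. Function names are hypothetical.

# Staged copy must be a regular file readable only by its owner; it holds hashes.
staged_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Structural check of master.passwd: 10 colon-separated fields per entry
# (name:password:uid:gid:class:change:expire:gecos:home:shell).
# Policy assumption: only root and toor may have uid 0.
check_master_passwd() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    awk -F: '
        /^#/ || /^$/ { next }
        NF != 10 { printf "line %d: %d fields, want 10\n", NR, NF; bad = 1; next }
        $1 == "" || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: bad name, uid or gid\n", NR; bad = 1; next }
        seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad = 1 }
        $3 == 0 && $1 == "root" { root = 1 }
        $3 == 0 && $1 != "root" && $1 != "toor" {
            printf "line %d: unexpected uid 0 account %s\n", NR, $1; bad = 1 }
        END { if (!root) { print "no root entry with uid 0"; bad = 1 }
              exit bad + 0 }
    ' "$1" >&2
}

# Install only if every check passes. pwd_mkdb -C checks the format without
# changing anything; pwd_mkdb -p rebuilds the databases and /etc/passwd.
install_staged() {
    staged_is_private "$1" || { echo "refusing $1: bad type or mode" >&2; return 1; }
    check_master_passwd "$1" || return 1
    pwd_mkdb -C "$1" || return 1
    pwd_mkdb -p "$1"
}

# Run from root's cron on the target, e.g.: install_staged /etc/master.passwd.new
# (the staging path is a placeholder; keep it in a root-only directory).
```

A truncated transfer or an edited file fails these checks and leaves the live password database untouched.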