Databases
cancel
Showing results for 
Search instead for 
Did you mean: 

Syncing Passwords on 2 servers

SOLVED
Go to solution
Marty Metras
Super Advisor

Syncing Passwords on 2 servers

I am lucky to have a standby server with a standby database the is kept in sync with in an hour. If I hav a falure on the Main server I can change over in 15-30 minutes.
The only thing I am not in sync is the the unix users.
Both are HPUX 11.0 servers and are non trusted systems.
I control the new users and the users change there own passwords.
Is there a way to keep the users and passwords in sync while only maintening one server?

Marty, Doer of Things
The only thing that always remain the same are the changes.
21 REPLIES
Pete Randall
Outstanding Contributor

Re: Syncing Passwords on 2 servers

Marty,

There's NIS and NIS+. They'll do the job but can be complicated in and of themselves and also complicate other things. Another simple technique would be to regulary copy the password file from the main server to the standby. You could use cron, even, to do it once an hour, once a day, whatever!


Pete

Pete
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

Pete,
I am already using rsync/ssh to keep most thing up to date.
If it us rsync to keep the passwd file synced is there any thing I should do to make sure the PID numbers are the same for the system stuff?
Marty
The only thing that always remain the same are the changes.
Steven E. Protter
Exalted Contributor

Re: Syncing Passwords on 2 servers

NIS will work, as will copying the passwd file.

Many organizations shy away from NIS due to the complexity.

Another alternative would be to make the main server an LDAP server and have the offline server be an LDAP client.

Then the only authentications that will be out of synch would be root, which should be different anyway.

I think many organizations are moving toward LDAP because they can also handle Microsoft authentication in such a setup.

Another alternative, not as easy as Pete's but possibly a good route nonetheless.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Hoefnix
Honored Contributor

Re: Syncing Passwords on 2 servers

I have used the /etc/password replication(as posted above) in the past in the same situation. Be aware that you also need to replicatte the homedirectories of the user (can also be done using cron and for exmpl NFS shares)
Copy also /etc/group if you add groups on the main server. If you use /etc/ftpusers copy this file aswell.

REgards,

Peter Geluk
Hoefnix
Honored Contributor

Re: Syncing Passwords on 2 servers

sorry typo: I mean /etc/passwd
Pete Randall
Outstanding Contributor

Re: Syncing Passwords on 2 servers

Marty,

What do you mean by the "PID numbers"?


Pete

Pete
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

In the passwd file like
metm:aRCxNJfnIXEmA:103:102:Marty....
the 103,102 UsedID#, and GroupID#

Marty
The only thing that always remain the same are the changes.
Pete Randall
Outstanding Contributor

Re: Syncing Passwords on 2 servers

Marty,

Ah, the User ID Number (UID)! If you're copying the passwd file (and the group file) from one machine to the other, they'll be identical, as will the UID numbers. Or am I missing something (I'm not really familiar with rsync/ssh).


Pete

Pete
Jeff Schussele
Honored Contributor

Re: Syncing Passwords on 2 servers

Hi Marty,

If all you're dealing with here is 2 systems then a simple cronned rcp/scp will do.
But beyond the /etc/passwd file I'd also copy the /etc/group file, the /home dir as well as the /tcb dir structure if trusted.
That way *everything* would be in sync.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

I thought the UID and Group ID numbers was what the system used for the files so it knew who owned the files.
Say a file was owned be user METM and Group VISIB. In the passwd file these are 102,103.
Does the system uses the numbers or the names to keep things straight.
Meaning if I copy the passwd file to the Standby server and the UID Nos do not match will this be a problem now. Right now some of then do not match on the 2 servers.
Marty
The only thing that always remain the same are the changes.
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

I under stannd the passwd, group, userso home must be coppied I'm just confused about the Passwd file and the UID numbers. It might not be an issue. It is just because right now they do not match.
Marty
The only thing that always remain the same are the changes.
Hoefnix
Honored Contributor

Re: Syncing Passwords on 2 servers

If the numbers do not match on both servers, the ownership of files can change after copy etc/passwd. It uses the UID's to keep track of the ownerships.

Regards,

Peter
Jeff Schussele
Honored Contributor

Re: Syncing Passwords on 2 servers

Everything in the system is done by the UID - which then looks up the name out of the passwd file. If no match then only the # is displayed.
You *must* match UID <=> name between systems. BUT this would be accomplished on the first copy anyway. But it's also possible that then you'll have files owned by now non-existent UIDS & you'd have to find & change them all. So map out the name to UID before changing so you know what to change & to whom.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Pete Randall
Outstanding Contributor

Re: Syncing Passwords on 2 servers

The issue with UIDs then, would be that existing files are owned by UID 1234 (Marty) for example. After copying, the files would be still be owned by UID 1234 and this would not translate to Marty. You'll need to set up a one time chown script either going by home directory or using find -user to straighten the ownership out.


Pete

Pete
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

OK, I understand now.
I have to make the Standby servers UID match the Primary served first. Most match now.
If I understand your messages, I can change the UID's that do not match on the standby box and change the ownership on the few files that they own.
Once done, I should beable to copy the passwd, group and User's directories and I should be set to keeping then in sync.

Marty
The only thing that always remain the same are the changes.
Jeff Schussele
Honored Contributor

Re: Syncing Passwords on 2 servers

Absolutely - you have it down now.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Pete Randall
Outstanding Contributor

Re: Syncing Passwords on 2 servers

Yep, you've got it, O Mighty Doer of Things!!


Pete

Pete
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

Thanks guys.
Again you have cleared up my thoughts.
You have saved me more work. That is right after I do some more things.
Marty
The only thing that always remain the same are the changes.
Pete Randall
Outstanding Contributor

Re: Syncing Passwords on 2 servers

Marty,

I had one last thought: I don't think my suggestion about the find command will work so you'll need to do it either by home directory or by pre-building a list of files for each user (the find command could be used for this, though).

Good luck,

Pete

Pete
Marty Metras
Super Advisor

Re: Syncing Passwords on 2 servers

Pete,
I plan on comparing both passwd file first to see the difference. Using a script that is. Same with the group file. After I get the list of difference I can manually or with a script fix the ownership/groups as needed after the fact.
Users should not be a problem as thay are captive and only have ownership to there home directory and I will be replacing that.
It is just a few special accounts that I create jobs.
There is only a couple hundred records in the passwd file so it will not be to bad of a project.
After this is done I can use 'rsync' to keep the files up to date. That part is easy.

Thanks again Pete,
Marty
The only thing that always remain the same are the changes.
Pete Randall
Outstanding Contributor
Solution

Re: Syncing Passwords on 2 servers

Sound like you've got everything covered, Marty. Once again, good luck!


Pete

Pete