HPE Community
Operating System - HP-UX
1753756 Members
4786 Online
108799 Solutions
New Discussion юеВ

Sync users and their pwds between the trusted systems

 
SOLVED
Go to solution
Srinikalyan
Regular Advisor

тАО11-01-2009 10:49 PM

тАО11-01-2009 10:49 PM

Sync users and their pwds between the trusted systems

Hi all,

HP-UX 11iv2
We have configured the DR environment for the production boxes. We want to sync the user name and passwords from primary to DR automatically. Both the systems are trusted. How can I accomplish with the best method?
Note: We don't use NIS, NIS+ so please ignore this option.

Thanks,
Srini
0 Kudos
Reply
4 REPLIES 4
RAC_1
Honored Contributor

тАО11-02-2009 01:03 AM

тАО11-02-2009 01:03 AM

Re: Sync users and their pwds between the trusted systems

With two root sessions on required boxes. tar ball of /home/, /etc/passwd, /etc/group and /tcb dirs should do it all.
There is no substitute to HARDWORK
0 Kudos
Reply
Olivier Masse
Honored Contributor

тАО11-02-2009 06:32 AM

тАО11-02-2009 06:32 AM

Solution

Re: Sync users and their pwds between the trusted systems

I have the same issue on a ServiceGuard clusters on which I need a way to synchronize local accounts, especially those whose passwords can change over time.

I ended up writing a small daemon that greps out the relevant entries from /etc/passwd and /etc/shaddow each 10 seconds and saves them somewhere in a filesystem which is part of the packaged application. When I start the package on another node, a control script synchronizes the local accounts with whatever is in these files. It's clumsy, but it works.

If you do this, be careful to lock /etc/passwd and /etc/shadow correctly before modifying them. 11iv3 also lets you put an encrypted password directly on the command line with usermod, which is safer than modifying the files directly.

Good luck
Reply
Srinikalyan
Regular Advisor

тАО11-23-2009 02:45 AM

тАО11-23-2009 02:45 AM

Re: Sync users and their pwds between the trusted systems

Will there be any result in a damaged/corrupted file, thus preventing access to a server or some/all users if we copy the password related files from one system to another using tar copy or rsync or rdist?

And also which is the proven one other than NIS?

Thanks,
Srini.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО11-23-2009 08:01 AM

тАО11-23-2009 08:01 AM

Re: Sync users and their pwds between the trusted systems

> Will there be any result in a damaged/corrupted file, thus preventing access to a server or some/all users if we copy the password related files from one system to another using tar copy or rsync or rdist?

No more so than copying any file from system to system. Of course you will want to add checksums to ensure accurate copies. The simplest is to checksum the tarball. More thorough (and more scripting) is to checksum every file. I would add the /etc/default/security file to your list of files so global rules are the same in all systems.

> And also which is the proven one other than NIS?

Not sure what "proven" means. Many SA's use this method to sync multiple systems quite successfully. As always, be sure to have a root window (or two) open at the same time on a target machine to make sure everything works OK. And of course backup all the same target files and save them in case to need to revert back.


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.