Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Enhanced Security User Replication

SOLVED
Go to solution
Paul_504
Frequent Advisor

Enhanced Security User Replication

Hi

I'm trying to replicate our user environment from one system to another. Both are Tru64 V5.1B systems, both Alpha 4100, both PK3. They're for all purposes identical, and both are on Enhanced Security.

I copy the following files from system2 to system1:

/tcb/files/auth.db
/var/tcb/files/auth.db
/etc/passwd
/etc/group

Say my password on system1 is Password1, and on system2, Password2. Once I've copied the files over, I'm able to log in on system1 using both Password1 and Password2 as passwords successfully.

Why is that? Where else does Enhanced Security read it's authentication from? Are there other files I should move over?

Any help regarding this, or any ideas, would truly be appreciated.

Thank you
Paul
6 REPLIES
Srivathsan
Frequent Advisor

Re: Enhanced Security User Replication

Ah there you go Paul, I have another thread open for almost the same requirement.

I will be following this closely.

Thanks
Srivathsan
Victor Semaska_3
Esteemed Contributor
Solution

Re: Enhanced Security User Replication

Paul,

I've copied accounts not by copying the files themselves but using this procedure and it works for me:

1st server:
# /tcb/bin/authck -av
Use the above command to verify accounts, fix any problems 1st.

# /tcb/bin/edauth -d p -g > /tmp/p.auth

Copy /tmp/p.auth, /etc/passwd, /etc/group to 2nd server.

2nd server:
Replace existing /etc/passwd & /etc/group with the copied files.

# cat /tmp/p.auth | /tcb/bin/edauth -d p -s

# /tcb/bin/authck -av

Vic

There are 10 kinds of people, one that understands binary and one that doesn't.
Ann Majeske
Honored Contributor

Re: Enhanced Security User Replication

Hi,

Vic has the correct method for copying users from one system to another with Enhanced Security enabled. There are log files used by the Enhanced Security database that are not updated by just copying the files over.

In addition to Vic's instructions, if your system has a hashed password database (/etc/passwd.pag and /etc/passwd.dir) you should also run /usr/sbin/mkpasswd to update the hashed password database.

Ann
Ann Majeske
Honored Contributor

Re: Enhanced Security User Replication

One more thing, if you have modified anything in the /etc/auth/system/default, the /etc/auth/system/devassign, or the /etc/auth/system/ttys.db files you should copy them over using edauth as well. See "man edauth", "man default", "man devassign", and "man ttys".
Paul_504
Frequent Advisor

Re: Enhanced Security User Replication

Vic, Ann, thanx a million. I tried it and it works B-eautifully :-).

Srivathsan, try it and let us know whether you've come right as well please.

Thank you guys for the input. I appreciate it ten fold.

Paul
Paul_504
Frequent Advisor

Re: Enhanced Security User Replication

Vic had supplied me with a perfect and effective solution. I have no further queries and can take things from here on my own. I do appreciate Vic and Ann's input immensely though.