- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Sync /etc/passwd between 2 SG servers without usin...
Operating System - HP-UX
1752282
Members
4626
Online
108786
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2011 02:00 PM
02-14-2011 02:00 PM
Hi all,
I need to keep the /etc/passwd files in sync between 2 nodes in a Serviceguard cluster, but can’t use NIS or LDAP.
We have ~600 users who currently access our application via SSH login. We’re in the process of migrating to a 2-node Serviceguard cluster, and the users will continue to connect via SSH, only now to the IP address assigned to our SG package instead of a specific server. The problem is that almost all of the users are not employees of our company, they work for the State or County government. So as I understand it, NIS or LDAP aren’t really viable options. We do have a handful of internal users with home directories that are local to each node, whereas all the other users have home dirs that are on the SG package shared Volume Group.
So the big question is, how do we keep the passwd files in sync between the 2 nodes? I’m thinking along the lines of a script that looks to see if the package is on that node, and if so it copies /etc/passwd and /etc/group over to the other system. But the worry there is simultaneous changes and changes getting lost between copies. Also, how will password aging and consecutive incorrect passwords be affected?
I’ve searched the forums and have found several queries that are close to mine, but most answers suggest LDAP/NIS. Thanks in advance for any suggestions/pointers!
-Rich
I need to keep the /etc/passwd files in sync between 2 nodes in a Serviceguard cluster, but can’t use NIS or LDAP.
We have ~600 users who currently access our application via SSH login. We’re in the process of migrating to a 2-node Serviceguard cluster, and the users will continue to connect via SSH, only now to the IP address assigned to our SG package instead of a specific server. The problem is that almost all of the users are not employees of our company, they work for the State or County government. So as I understand it, NIS or LDAP aren’t really viable options. We do have a handful of internal users with home directories that are local to each node, whereas all the other users have home dirs that are on the SG package shared Volume Group.
So the big question is, how do we keep the passwd files in sync between the 2 nodes? I’m thinking along the lines of a script that looks to see if the package is on that node, and if so it copies /etc/passwd and /etc/group over to the other system. But the worry there is simultaneous changes and changes getting lost between copies. Also, how will password aging and consecutive incorrect passwords be affected?
I’ve searched the forums and have found several queries that are close to mine, but most answers suggest LDAP/NIS. Thanks in advance for any suggestions/pointers!
-Rich
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2011 02:35 PM
02-14-2011 02:35 PM
Solution
This may not be the "proper" way but..
simply replicate /etc/passwd back and forth between the servers.
warning:
(if something breaks you will not be able to log in)
if you are using "trusted" mode then also tar up and copy /tcb directory.
do some testing with just one non-root entry to get things right.
perhaps only sync userid's over 100 leaving the system ids and root alone.
simply replicate /etc/passwd back and forth between the servers.
warning:
(if something breaks you will not be able to log in)
if you are using "trusted" mode then also tar up and copy /tcb directory.
do some testing with just one non-root entry to get things right.
perhaps only sync userid's over 100 leaving the system ids and root alone.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2011 12:42 PM
02-15-2011 12:42 PM
Re: Sync /etc/passwd between 2 SG servers without using LDAP or NIS
Thanks Tim.
The systems are not trusted, so no /tcb files to worry about. We do have different root passwords, as well as a few others, so the concept of not copying UID's under 100 is probably how we'll have to go. I just want to make sure we don't miss any password changes or useradds..
Any thoughts on if password aging or consecutive incorrect passwords will be affected?
-Rich
The systems are not trusted, so no /tcb files to worry about. We do have different root passwords, as well as a few others, so the concept of not copying UID's under 100 is probably how we'll have to go. I just want to make sure we don't miss any password changes or useradds..
Any thoughts on if password aging or consecutive incorrect passwords will be affected?
-Rich
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2011 04:38 PM
02-15-2011 04:38 PM
Re: Sync /etc/passwd between 2 SG servers without using LDAP or NIS
A simple copy will work fine. Since you're not using /tcb (Trusted system), then consecutive bad passwords have no effect -- unless you are using enhanced security or shadow passwords. Then you'll need to copy additional files.
Bill Hassell, sysadmin
Bill Hassell, sysadmin
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP