System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Sync /etc/passwd between 2 SG servers without using LDAP or NIS

SOLVED
Go to solution
Rich Fink
Occasional Advisor

Sync /etc/passwd between 2 SG servers without using LDAP or NIS

Hi all,

I need to keep the /etc/passwd files in sync between 2 nodes in a Serviceguard cluster, but can’t use NIS or LDAP.

We have ~600 users who currently access our application via SSH login. We’re in the process of migrating to a 2-node Serviceguard cluster, and the users will continue to connect via SSH, only now to the IP address assigned to our SG package instead of a specific server. The problem is that almost all of the users are not employees of our company, they work for the State or County government. So as I understand it, NIS or LDAP aren’t really viable options. We do have a handful of internal users with home directories that are local to each node, whereas all the other users have home dirs that are on the SG package shared Volume Group.

So the big question is, how do we keep the passwd files in sync between the 2 nodes? I’m thinking along the lines of a script that looks to see if the package is on that node, and if so it copies /etc/passwd and /etc/group over to the other system. But the worry there is simultaneous changes and changes getting lost between copies. Also, how will password aging and consecutive incorrect passwords be affected?

I’ve searched the forums and have found several queries that are close to mine, but most answers suggest LDAP/NIS. Thanks in advance for any suggestions/pointers!

-Rich
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."
3 REPLIES
Tim Nelson
Honored Contributor
Solution

Re: Sync /etc/passwd between 2 SG servers without using LDAP or NIS

This may not be the "proper" way but..

simply replicate /etc/passwd back and forth between the servers.

warning:
(if something breaks you will not be able to log in)

if you are using "trusted" mode then also tar up and copy /tcb directory.

do some testing with just one non-root entry to get things right.

perhaps only sync userid's over 100 leaving the system ids and root alone.



Rich Fink
Occasional Advisor

Re: Sync /etc/passwd between 2 SG servers without using LDAP or NIS

Thanks Tim.

The systems are not trusted, so no /tcb files to worry about. We do have different root passwords, as well as a few others, so the concept of not copying UID's under 100 is probably how we'll have to go. I just want to make sure we don't miss any password changes or useradds..

Any thoughts on if password aging or consecutive incorrect passwords will be affected?

-Rich
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."
Bill Hassell
Honored Contributor

Re: Sync /etc/passwd between 2 SG servers without using LDAP or NIS

A simple copy will work fine. Since you're not using /tcb (Trusted system), then consecutive bad passwords have no effect -- unless you are using enhanced security or shadow passwords. Then you'll need to copy additional files.


Bill Hassell, sysadmin