Is it possible to write an useradd script that will take input from an an existing passwd file? I am trying to replicate the users I have on one box to another seven boxes with the same user info. The script should be something like:
cat /etc/passwd | while read LINE do useradd option option done
Not sure how to parse the passwd file to get the uid, gid, home etc.
If the requirement is to replicate the users, why not copy the /etc/passwd and /etc/group files accross to another system excluding the system logins like root, adm, lp etc..
And if the systems are trusted then copy the /tcb files or other option is to untrust the system first and then coppy passwd and group files.
The systems are trusted; So copying the password file and the /tcb directory to the other systems should do the trick? What about the user's password, would that be the same on the target server?
Yes Mohammed, If the systems are trusted copying the /etc/passwd, /etc/group and /tcb will do the trick. The users password are stored in /tcb/files/auth so all the password will remain as it was on the old system.
Thanks for the NIS suggestion. I am also for a centralized authentication server, but unfortunately NIS is against our corporate policy (don't ask me why, I don't get it either). We are however in the process of implementing a customized LDAP solution to authenticate against Active Directory. But until that completes, I gotta do this manually :(
To have all the password on all the servers synced you can actually write a script which we have done. This script simply runs from /etc/profile and copies the /tcb/files/auth/?/ to all the servers when he logs in. This way you can keep the password in sync on all the trusted systems till you work on ldap or NIS solution
A note about NIS. The main reason it is a security risk is that it transmits plaintext passwords (and other data) over the network. NIS+ encrypts the data but it is not backward compatible and many systems cannot use NIS+. Most shops that need a central authentication method are using LDAP. Locally, the questions about NIS are not important if your users connect using telnet or 'r' commands such as remsh, rcp, rexec, or rlogin.
