Operating System - HP-UX

Re: HPUX 11.0: MCSG Password Syncing & Aging

 
LG Porter
Frequent Advisor

HPUX 11.0: MCSG Password Syncing & Aging

I manage several MCSG clusters configured in a two-node active-active setup, running HPUX 11.0 and MCSG 11.12, that were configured some time ago to use a sync script executed via cron to sync passwords between servers. Questions:
A) What is the best method for keeping passwords synced between nodes in an MCSG two-node active-active setup?
B) Are there any issues with having the two nodes configured as a "trusted" active-active setup and setting the max password aging value between the nodes to a different value than the default?
C) Are there any docs, white papers or ITRC docs available outlining MCSG running in a "trusted" setup and the recommended setup for nodes configured as trusted?
Rainer von Bongartz
Honored Contributor
Solution

Re: HPUX 11.0: MCSG Password Syncing & Aging

I do it the following way.

Both boxes are configured trusted and any UID that has to be synced must be greater than 1000.
This way I can configure users like root etc. not to be synced on both machines.

The following script is run through cron to do the sync:
# script syncs user passwords from venus to mars on trusted system
# only UIDs greater than 1000 are synced

while IFS=: read -r user pw uid rest
do
    # skip malformed lines with an empty or non-numeric UID field
    case "$uid" in
        ''|*[!0-9]*) continue ;;
    esac
    # accounts with UID 1000 or lower (root etc.) are not synced
    if [ "$uid" -gt 1000 ]
    then
        # copy the user's protected password entry; nothing is copied
        # when the user has no file under /tcb/files/auth
        for path in `find /tcb/files/auth -type f -name "$user"`
        do
            dirname=`/usr/bin/dirname "$path"`
            /usr/bin/rcp "$path" "mars:$dirname" > /dev/null 2>&1
        done
    fi
done < /etc/passwd

# copy the system-wide defaults as well
/usr/bin/rcp -r /tcb/files/auth/system/* mars:/tcb/files/auth/system


Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
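
A companion check for the cron sync in the post above, as an added example that is not part of the original post: it reports which accounts above the UID threshold have a protected password entry that is missing or different on the peer node. The function names, the `<root>/<first letter>/<user>` entry layout and the idea of comparing against a local copy of the peer's `/tcb/files/auth` tree are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: each entry lives at <root>/<first letter of user>/<user>, and
# the peer node's tree has been copied to a local directory for comparison.

# tcb_drift PASSWD_FILE LOCAL_ROOT PEER_ROOT [MIN_UID]
# Prints "<user> missing-local|missing-peer|differs" per out-of-sync account.
tcb_drift() {
    passwd_file=$1 local_root=$2 peer_root=$3 min_uid=${4:-1000}
    while IFS=: read -r user _pw uid _rest
    do
        # ignore malformed lines (empty or non-numeric UID)
        case "$uid" in ''|*[!0-9]*) continue ;; esac
        # same rule as the sync script: only UIDs above the threshold
        [ "$uid" -gt "$min_uid" ] || continue
        first=$(printf '%s' "$user" | cut -c1)
        l="$local_root/$first/$user"
        p="$peer_root/$first/$user"
        if [ ! -f "$l" ]; then
            echo "$user missing-local"
        elif [ ! -f "$p" ]; then
            echo "$user missing-peer"
        elif ! cmp -s "$l" "$p"; then
            echo "$user differs"
        fi
    done < "$passwd_file"
}

# Constructed sample trees (placeholder contents, not real tcb entries).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/local/a" "$d/local/b" "$d/local/c" "$d/peer/a" "$d/peer/c"
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
        'alice:*:1001:20::/home/alice:/usr/bin/sh' \
        'bob:*:1002:20::/home/bob:/usr/bin/sh' \
        'carol:*:1003:20::/home/carol:/usr/bin/sh' > "$d/passwd"
    echo 'alice:u_pwd=NEW:' > "$d/local/a/alice"   # changed locally
    echo 'alice:u_pwd=OLD:' > "$d/peer/a/alice"    # stale on peer
    echo 'bob:u_pwd=X:'     > "$d/local/b/bob"     # never copied to peer
    echo 'carol:u_pwd=Y:'   > "$d/local/c/carol"   # in sync
    echo 'carol:u_pwd=Y:'   > "$d/peer/c/carol"
    echo "$d"
}

# Stand-alone run against the constructed data.
d=$(make_sample) && tcb_drift "$d/passwd" "$d/local" "$d/peer"; rm -rf "$d"
```

An empty result means every checked account matches on both copies.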
malay boy
Trusted Contributor

Re: HPUX 11.0: MCSG Password Syncing & Aging

Password sync?? We used NIS for this. We have 3 machines running MC/SG and 3 apps servers accessing the application. To make the user/password admin simpler we used NIS.

regards
mB
There are three person in my team-Me ,myself and I.
Darren Prior
Honored Contributor

Re: HPUX 11.0: MCSG Password Syncing & Aging

Hi,

If you're trusting the system then you cannot use NIS, you will require NIS+. Another possibility is LDAP.

regards,

Darren.
Calm down. It's only ones and zeros...
Stephen Doud
Honored Contributor

Re: HPUX 11.0: MCSG Password Syncing & Aging

ITRC document: UXSGKBAN00000227
TITLE:Keeping Passwords Synced Between ServiceGuard Hosts

As stated before, "trusted" systems require NIS+. Best method I can think of for syncing passwords.

-Stephen
LG Porter
Frequent Advisor

Re: HPUX 11.0: MCSG Password Syncing & Aging

Stephen: Reference UXSGKBAN00000227
I do not have access to that document...Can you cut and paste in a Wordpad or Notepad document as attachment? I appreciate your reply, thanks.
Darren Prior
Honored Contributor

Re: HPUX 11.0: MCSG Password Syncing & Aging

Hi,

I'm afraid it's not possible for people to cut and paste documents from the Knowledge Database into the forums. You should be able to access the document if your contract details are linked to your ITRC profile.

regards,

Darren.
Calm down. It's only ones and zeros...
Stanimir
Trusted Contributor

Re: HPUX 11.0: MCSG Password Syncing & Aging

Hi!
For synchronization of accounts on cluster machines we use a self-developed client-server application. When a user logs on to the first machine, the client program sends information about it to the other machine. On that other machine a server (like a daemon) is waiting, which receives the information about this user and updates the account on that machine with the latest changes connected with this user. This way we provide current replication of user data.
I'm sending you a full package, with README and man included.

Regards,Stan
Stanimir
Trusted Contributor

Re: HPUX 11.0: MCSG Password Syncing & Aging

Sorry, I forgot the attachment :))