HPE Community
Operating System - HP-UX
1832864 Members
2654 Online
110048 Solutions
New Discussion

MC ServiceGuard /etc/passwd ?

 
SOLVED
Go to solution
Neil A. Gilley
Occasional Contributor

‎12-28-2001 10:12 AM

‎12-28-2001 10:12 AM

MC ServiceGuard /etc/passwd ?

we have a 2 system/2 package failover setup and up until now we maintain users on the N4000, then rcp the passwd file to the L2000. Is this necessary? Can I have unique users on the 2 systems, my response to the aplication developers who asked that we do this was that I believed the failing system could not run on the other box if the users weren't able to be identified via the passwd file ! Am I correct, I haven't taken the Service Guard class yet, soon, I hope!
0 Kudos
Reply
5 REPLIES 5
Jeff Machols
Esteemed Contributor

‎12-28-2001 10:17 AM

‎12-28-2001 10:17 AM

Re: MC ServiceGuard /etc/passwd ?

I am not sure I am answering your question, but let me try. Service Gauerd itself does not need the password files to be the same. However, if you application depends on a specific user, you will have to keep the password files in sync. Also, if one machine fails and the second takes over, any user that needs to log on to that machine, will have to have an entry in the local password file.
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎12-28-2001 10:19 AM

‎12-28-2001 10:19 AM

Solution

Re: MC ServiceGuard /etc/passwd ?

Hi Neil,

Take this scene. You have system 1 and system 2 and package 1 and package 2 running on the two systems respectively. You have different sets of users using the packages and are defined in the password file on the respective systems. In the case of a failover if the user id's are not available on the other node, though the packge is running on that node, the users will not be able to use the same.

This can be solved by keeping the password files on the two systems in sync manually. Same set of users on both the systems with the same password. you can also get the same results by using NIS for login authentication. This way you have to add the user on the master and it will be replicated across NIS and authentication will be done by the NIS server irrespective of the NIS node the client is logging from.

Hope this helps.

Regds
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-28-2001 10:20 AM

‎12-28-2001 10:20 AM

Re: MC ServiceGuard /etc/passwd ?

Hi Neil:

User authenication is independent of ServiceGuard so that some provision must be mage to allow logins. UserA could have a different password on the two hosts but in order to maintain file permissions his uid and gid would have to be the same. Your solution is reasonable in an untrusted environemnt. It would be a bit more complicated if you were running trusted servers. One possible solution to consider is setting up one node as an NIS (or NIS+) master server and the other as a slave server. That way, the hosts, services, passwd, group, ... entries would always be in sync.

Clay
If it ain't broke, I can fix that.
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎12-28-2001 10:56 AM

‎12-28-2001 10:56 AM

Re: MC ServiceGuard /etc/passwd ?

Hi Neil,

As others say, the users of packages that fail over must be able to login on both systems so they need to be able to be authenticated by both systems. That could be with a manual rcp of the password file but NIS would be better (how does one know which system's passwd file is the master since a user could change his password on either system). Don't forget about /etc/group, /etc/profile, and home directories (which may be nothing more than customized .profile files).

Yes, you can have unique users on each system. However, the users of the packages should be connecting to the package IP address (or hostname) and don't know or care which server they are running on. They just want the app and data to be available. They need to have the same uid and gid on both systems.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
Sridhar Bhaskarla
Honored Contributor

‎12-28-2001 11:23 AM

‎12-28-2001 11:23 AM

Re: MC ServiceGuard /etc/passwd ?

Neil,

MC/ServiceGuard and /etc/password are not related. So, you can safely use your rcp functionality to sync up the password files. I would suggest to go with NIS but it will be complicated for a simple password sync.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.