
Passwd total management

 
Lee Tae-kyung
Regular Advisor

Passwd total management

Hi~~
Nice to meet you in net!
I want to do the total management of root's passwd in many unix systems.
It is difficult for me to change root's passwd on about 50 unix systems (HP, Sun).

Please, help me....

Sincerely yours
I think I am a specialist in IT Korea^^. I am a programmer and SE and DBA
9 REPLIES
Pete Randall
Outstanding Contributor

Re: Passwd total management

Basically, I see 4 choices available to you.

1) Implement NIS or NIS+ - it can be complex and hard to administer but it's a proven solution used widely.

2) Enable rcp/remsh functionality and write a simple script to propagate passwd files to all the servers. This approach has the inherent security flaw of utilizing the "r" commands.

3) Delegate responsibility to others through sudo or restricted SAM.

4) Continue as you have been.


Pete

Ross Zubritski
Trusted Contributor

Re: Passwd total management

How about LDAP?

Regards,

RZ
Lee Tae-kyung
Regular Advisor

Re: Passwd total management

Thanks for your answers...
I thought about the above solutions.
But the above solutions are complex and have a little problem.
So, concretely, I want to approach this problem with a shell script.

Did anyone experience this problem?

Sincerely yours...^^
I think I am a specialist in IT Korea^^. I am a programmer and SE and DBA
Ross Zubritski
Trusted Contributor

Re: Passwd total management

It can be done with shell; however, to Pete's point, get rid of the dreaded "R" commands. Use secure shell.

Regards,

RZ
S.K. Chan
Honored Contributor

Re: Passwd total management

We had NIS running, which centralizes the user account management; however, since the root account resides locally on each client machine, we had a process to update the local passwd file every time the root password changes quarterly. The mechanism that we use to update the password files is just plain shell script, I think. In your case, if you do not want to implement NIS, you can consider using rsync (which is a file transfer/synchronization tool that we use to synchronize some other files across the network). Along with that, if you want to use this tool, ssh is recommended for added security. Take a look at this example on how this can be achieved.
http://www.unixadm.net/howto/rsync-ssh.html
Lee Tae-kyung
Regular Advisor

Re: Passwd total management

Thanks for your answer.
But the rsync command is used when the passwd files of the servers are the same.
The passwd files of our servers are not the same.

Best regards~~
I think I am a specialist in IT Korea^^. I am a programmer and SE and DBA
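
The post above notes that the passwd files differ from host to host, so copying one file everywhere is not an option. As an added example (not part of any post in this thread, and not the script linked in it), this shell function changes only root's hash field in place; it assumes a colon-delimited file with the account name in field 1 and the hash in field 2, and `set_root_hash` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: replace only root's password-hash field (field 2) in a
# colon-delimited account file, leaving every other entry untouched.
# Usage: set_root_hash FILE HASH  (non-zero return leaves FILE as it was)
set_root_hash() {
    file=$1
    hash=$2
    nl='
'
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # An empty hash would leave root without a password; a ':' or newline
    # would inject an extra field or a whole extra account line.
    case $hash in
        ''|*:*|*"$nl"*) echo "refusing unsafe hash value" >&2; return 2 ;;
    esac
    # Exactly one root entry is expected; anything else needs a human.
    count=$(awk -F: '$1 == "root" { n++ } END { print n + 0 }' "$file")
    [ "$count" -eq 1 ] || { echo "found $count root entries in $file" >&2; return 3; }
    # Work on a copy in the same directory: cp -p keeps mode and owner, and
    # the final mv is an atomic rename, so readers never see a partial file.
    tmp=$(mktemp "$file.XXXXXX") || return 4
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 4; }
    # The hash is passed through the environment so awk does not expand
    # backslash escapes in it, as it would with -v.
    if NEWHASH=$hash awk -F: -v OFS=: \
        '$1 == "root" { $2 = ENVIRON["NEWHASH"] } { print }' "$file" > "$tmp" &&
        [ "$(wc -l < "$tmp")" -eq "$(wc -l < "$file")" ]
    then
        mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 5
    fi
}

# Constructed sample file (not taken from any real host).
demo=$(mktemp -d)
printf '%s\n' 'root:OLDHASH:0:3::/:/sbin/sh' 'daemon:*:1:5::/:/sbin/sh' \
    'oracle:ABCDEF:101:20::/home/oracle:/bin/ksh' > "$demo/passwd"
set_root_hash "$demo/passwd" 'NEWHASH123' && cat "$demo/passwd"
rm -rf "$demo"
```

Distribute the pre-computed hash rather than the cleartext password, and run the function on each host over ssh, as the replies recommend, not over the "r" commands.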
S.K. Chan
Honored Contributor
Solution

Re: Passwd total management

It sounds like a script solution is what you're looking for. Take a close look at Robin's script in this thread. It may be just what you need. You want to make sure you test it thoroughly before implementing it since you got non-HP boxes.
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xbdb6cf38d6bdd5118ff10090279cd0f9,00.html
Hope this helps.
Steven E. Protter
Exalted Contributor

Re: Passwd total management

Two suggestions:

1) LDAP, then your users will be authenticated by your network primary domain controller (PDC).

This still leaves you with 50 root passwords to deal with.

I don't like NIS, but that's a personal problem. Next, I'd suggest ssh, which replaces remsh/rcp. After exchanging public keys, you only need to regularly remember the root password to one system, then ssh nextsystemname and you're there, no password.

Below is a link to the software, and attached is Chris Vales' guide to generating and exchanging public keys.

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Lee Tae-kyung
Regular Advisor

Re: Passwd total management

Thanks for S.K.'s answers...
I did.


Have a good day~~
I think I am a specialist in IT Korea^^. I am a programmer and SE and DBA