HPE Community
Operating System - HP-UX
1832957 Members
2953 Online
110048 Solutions
New Discussion

Synchronization of password in MC/SG

 
yc_2
Regular Advisor

‎07-26-2000 07:53 PM

‎07-26-2000 07:53 PM

Synchronization of password in MC/SG

Hi,

Is there a way to synchronnise the password in real time for users in MC/SG environment beside using NIS service?


Thanks in advance,
YC
0 Kudos
Reply
5 REPLIES 5
Vladislav Demidov
Honored Contributor

‎07-26-2000 11:19 PM

‎07-26-2000 11:19 PM

Re: Synchronization of password in MC/SG


You can copy /etc/passwd file from one cluster node to the other using cron.
0 Kudos
Reply
Anthony Goonetilleke
Esteemed Contributor

‎07-26-2000 11:44 PM

‎07-26-2000 11:44 PM

Re: Synchronization of password in MC/SG

I once wrote a small C program to replace the passwd file on MCSG machines. It basically got the user password as ARGV and rcp'd to both machines and set it.
This way it was sync'd instantly. You can do this with a shell script as well but its a bit more insecure.

Minimum effort maximum output!
0 Kudos
Reply
John Palmer
Honored Contributor

‎07-27-2000 12:48 AM

‎07-27-2000 12:48 AM

Re: Synchronization of password in MC/SG

You could move /usr/bin/passwd elsewhere and replace it with a script/program that calls it on all servers in the cluster (or calls it locally and then distributes the updated /etc/passwd file).

This would probably have to be a root suid program (/usr/bin/passwd is already) because it could be called by any user.

You have to be careful when applying patches however, because a new passwd binary could be installed - overwriting your replacement.

Regards,
John
0 Kudos
Reply
Alan Riggs
Honored Contributor

‎07-27-2000 08:35 AM

‎07-27-2000 08:35 AM

Re: Synchronization of password in MC/SG

I agree that the best solution (if you wish to avoid NIS) is to write a program/script that distributes the passwd to both servers. I recommend, however, that you train your users to use a different password changing procedure rather than replacing the passwd binary. Tell them "use sync_passwd to keep your password synchronized across the cluster", then name your program appropriately.

This both protects you from having your program overwritten by patches/upgrades and preserves the capability to change passwd on only one system if you ever have a need to do so.
0 Kudos
Reply
Stephen Clark_1
New Member

‎07-31-2000 05:03 AM

‎07-31-2000 05:03 AM

Re: Synchronization of password in MC/SG

This may be highly unorthodox but please do not "flame" me as it works well for our environment.

We have a 2 node cluster where one box is serving as a database server (no one logs in here) and the 2nd, an application server. (everyone logs in here) On each server I have created a base /etc/passwd file with users that would need to log into each machine, i.e DBA, etc. This file is also copied to an "etc" directory on a volume that moves between both systems on the application package. The /etc/passwd file is replaced by a symbolic link to the location of this file i.e. /etc/passwd -> /u/etc/passwd. With the application package down I create that directory so that when the package is not running it still links to the same file.

When new accounts are created they are only created from the application package.

There are obvious drawbacks to this, as in what if someone in the base password file changes their password. Because our environment is small I can easily maintain those updates. You also need to remember to update the underlying password file in the event that the application package is still running when the password file is updated. This also does not work well for large clusters.

I'm in the process of changing this as I want to move to NIS as we are needing to maintain the passwords among several machines rather than 2.

Hope this helps.
-Steve
What's up with these cartoon characters??
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.