
Synchronising passwords between 3 HP-UX 11.31 systems

 
Ross Morrison
New Member

Afternoon all, I have 3 identical rx6600s running 11.31, running some apps that require users to log in via ssh. We have a production, reporting and dev/uat system. We have a window of about 20 minutes every night where all users are terminated. Can I simply copy the /etc/passwd & /etc/shadow files from the production system to the other 2 without causing issues?
We already have useradd and userdel scripts which keep the users up to date on all systems, but the users seem to have issues with keeping their passwords the same on all systems.

thanks
Ross
Laurent Menase
Honored Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

Why not use LDAP or NIS?
Basheer_2
Trusted Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

To keep it simple:

I will go with copying the /etc/passwd and the /etc/shadow passwords (not worried about their home dir contents).

ldap/nis takes too much time to setup/test/implement.
Roopesh Francis_1
Trusted Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

You need to copy /etc/passwd, /etc/shadow, /etc/group, the /tcb directory (if your system is trusted) and home directories.
Copy /etc/passwd - for adding new users to the other two systems
Copy /etc/shadow, /tcb - to sync the passwd
Home directories - to get all the ssh keys and user data
/etc/group - to get all users' primary and secondary group information.
I would suggest copying only the newly added users to the other two systems, not all the users, so that there will not be any change in existing user information.
Michal Kapalka (mikap)
Honored Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

hi,

the best idea is to implement NIS/LDAP,

because the accounts will be synchronized.

mikap
D. Jackson_1
Honored Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

Ross,

Try the attached script along with what you are already doing. You will need to modify a few variables towards the top for system names.
This is assuming your systems are trusted and depends on the accounts being in place.

Also you need to have an account with sudo root privs that can ssh to each system.

HTH
DCJ
Olivier Masse
Honored Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

Sure, you can copy these two files from a centralized location, assuming you don't need local accounts specific to a server. Whatever you do, be careful not to overwrite any of them with empty data (i.e. write resilient code), else you could end up hanging your server.

Also take care when copying and modifying /etc/shadow and /etc/passwd to keep any modification atomic, i.e. within one system call. Else you'll have problems with software that might forget who they're running under for a few milliseconds and this can be messy. Using "mv /etc/passwd.new /etc/passwd" works... but opening it up with sed to modify it directly is risky!

With 11.31 useradd and usermod now have the -F option to force modifications even if an account is in use, which is good for accounts such as oracle and root. Also -p lets you hand out an encrypted password on the command-line. Using these options, you can easily create a homemade script to distribute modifications from a centralized location, without needing to fiddle with /etc/passwd and /etc/shadow directly.

Good luck
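
The two precautions in the reply above (never install an empty or damaged file, and replace the live file with a single rename) can be sketched as follows. This is an added example, not code from the thread or from any poster; the function names validate_candidate and install_atomic and the .new/.prev suffixes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# validate_candidate FILE NFIELDS
# Succeeds only if FILE is non-empty, every line has exactly NFIELDS
# colon-separated fields with a non-empty login, and a root entry exists.
validate_candidate() {
    f=$1; n=$2
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    awk -F: -v n="$n" '
        NF != n || $1 == "" { bad = 1 }
        $1 == "root"        { root = 1 }
        END                 { exit (bad || !root) }
    ' "$f" || { echo "malformed or no root entry: $f" >&2; return 1; }
}

# install_atomic CANDIDATE TARGET NFIELDS
# Stages CANDIDATE next to TARGET (same filesystem), verifies the staged
# copy, keeps TARGET as TARGET.prev, then renames the copy over TARGET.
install_atomic() {
    src=$1; dst=$2; nf=$3
    validate_candidate "$src" "$nf" || return 1
    tmp="$dst.new.$$"
    # cp -p clones the live file's owner and mode; cat then replaces the
    # contents. cmp catches a short write, for example on a full filesystem.
    if ! { cp -p "$dst" "$tmp" && cat "$src" > "$tmp"; } ||
       ! cmp -s "$src" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    cp -p "$dst" "$dst.prev" || { rm -f "$tmp"; return 1; }
    # A rename within one directory is a single system call.
    mv -f "$tmp" "$dst"
}

# Usage on a scratch copy (7 fields is the passwd(4) layout):
#   install_atomic ./passwd.from_prod ./passwd.copy 7
```

For a shadow-format file, pass the field count that the system's shadow(4) layout uses instead of 7.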
Vishu
Trusted Contributor

Re: synchronising passwords between 3 HP-UX 11.31 systems

Hi Ross,

You can copy your /etc/passwd and /etc/shadow files without any issues. But to keep these files in sync or updated, I would recommend configuring NIS for it. Even if configuring NIS takes time, as Basheer said, you need to configure it once and your problem is solved forever for such similar issues.
Ross Morrison
New Member

Re: synchronising passwords between 3 HP-UX 11.31 systems

Thanks all,
the systems are not trusted but are using HP's new userdb structure. I was wondering, if I update the shadow file on one of the other systems from the prod system, will the userdb area get updated, say if the passwd on the dev server had expired and the account was locked?

thanks
Ross
Ross Morrison
New Member

Re: synchronising passwords between 3 HP-UX 11.31 systems

Thanks all, sorry it's taken so long to close but I got pulled off onto another project. Decided to go with Olivier's solution: grepped the encrypted passwds from the master system, put them into a test file with the login id, then used the usermod -f option on the other servers plus some userdbset commands to cater for locked accounts on the other servers. Just used this on non-system accounts.