[CentOS] etc passwd and groups file

Wed Jul 29 16:07:35 UTC 2009
jacob at aers.ca <jacob at aers.ca>

Pushing passwd, group and shadow files can just be scripted to scp them
from one master machine to all the client nodes. an ssh key can be used
with the private key only existing on the master node so only it can
push out changes (protect it with your life as this has the potential to
be a nasty hole) on a regular basis. remove passwd from all slave nodes
and replace it with a script that either says to go to the master and
change their password there or have it feed their input to the master
via an ssh tunnel to have the change made.

I see by Lustre's site that is supports MIT kerberos for authentication.
this would be better then pushing out shadow, you would still need a
tool to push out user id's though, ldap could handle this part as they
are typically handled together, and if Lustre recognizes PAM then it
should be transparent to it. 

A quick google search shows that Googlecode.com has a document
suggesting ldap and kerb.

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Carlos Santana
Sent: Wednesday, July 29, 2009 8:46 AM
To: CentOS mailing list
Subject: Re: [CentOS] etc passwd and groups file

I intend to install lustre file system on the systems.  It does not
support LDAP and need to have etc passwd/groups database. All file
system clients need to have  same passwd and groups so that UID and
GID are the same when they contact file system server. So I am not
sure, how will I manage this. Any suggestions?


On Wed, Jul 29, 2009 at 10:38 AM, John R Pierce<pierce at hogranch.com>
> Carlos Santana wrote:
>> Hi,
>> I need to maintain a same user/group list on multiples systems. Can
>> just copy the same passwd and groups file on all machines?
>> If we create a new user on one system then I will need to copy this
>> all other systems. This is quite cumbersome. Any suggestions?
> the old fashion way of doing this was NIS ... but I'm with everyone
> in saying go with LDAP directory services, and further, use a NFS
> automount for their home directories.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list
CentOS at centos.org