LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-15-2008, 02:51 PM   #1
MikeyCarter
Member
 
Registered: Feb 2003
Location: Orangeville
Distribution: Fedora
Posts: 449

Rep: Reputation: 31
Question Sync /etc/passwd and shadow files


Most of my family is on Linux. I've created a standard install for all our computer using revisor. My problem is passwords.

If my sister reset's her password on her computer then goes to my parents house and uses my Mom's computer, what password does she use?

I looked at ypserv which was promising until you considered most of the computers I'm dealing with are laptops. I could set up slaves but then it would require a manual intervention every time a computer is added to the list. Also the info is transmitted as clear text, syncing across the internet wouldn't work well at all. Also where do I host it?

So I looked at LDAP and it's more promising as far as security but offline laptops become a problem. How does a laptop, disconnected from the internet, authenticate. Or where to host it. I haven't as of yet found a LDAP service provider.

Not to mention with NetworkManager the network connection is not started until after the user logs in anyways.

I think my only option is to sync the passwd and shadow files with a central secure web server somewhere. (only users above UID 1000)

Is there any programs out there for merging two passwd/shadow files together? or does anyone have any recommendations?
 
Old 02-15-2008, 07:02 PM   #2
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,401

Rep: Reputation: 1120Reputation: 1120Reputation: 1120Reputation: 1120Reputation: 1120Reputation: 1120Reputation: 1120Reputation: 1120Reputation: 1120
You certainly [u]do[u] not want to do anything with "/etc/passwd vs. shadow!"

Bad dog! No biscuit!

(Or if you prefer: "Abandon all hope, ye who enter here.")

On a standard Linux setup, "each computer is the master of its own world," so if your sister changes her password on her machine, then on her machine "it is changed." But, nowhere else.

Yes, you can do what many offices actually do, and set up an LDAP server and configure Linux to consult that server (instead of the shadow-files) to authenticate logins. The LDAP-server would have to be one computer that you know is always on-line, and beware, because it would be difficult for any computer to log-in anywhere if that server isn't there. It would also be impossible to grab that laptop and take it "away."

So... maybe the best thing to do is to make peace with your sister, or let her do what she will. Unless you want to set-up and learn about the configurations that large business networks sometimes do use. It might be a useful exercise, but it's going to affect everyone else in your family.
 
Old 02-15-2008, 07:35 PM   #3
MikeyCarter
Member
 
Registered: Feb 2003
Location: Orangeville
Distribution: Fedora
Posts: 449

Original Poster
Rep: Reputation: 31
Figures there is always one in the crowed.
 
Old 02-16-2008, 02:22 AM   #4
Dinithion
Member
 
Registered: Oct 2007
Location: Norway
Distribution: Slackware 14.1
Posts: 443

Rep: Reputation: 56
You could configure the ldap client to search ldap for authentication first, and if it fails go back and use /etc/passwd (This should only be added for a backup way of login, not a separate way). I wouldn't want to do that. If you don't have a dedicate a machine to be ldap server, it would just be annoying. So i general, if you wont bother have your ldap-server always on, then you don't really need it (Most likely you don't). Its practical and fun to set up, but if password centralization for a few computers is the only motive it's not worth the trouble
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Want to script a way to sync htpasswd with passwd and shadow happyjack Linux - Server 1 11-28-2007 10:40 AM
Moving /etc/passwd and /etc/shadow john8675309 Linux - Software 1 01-24-2005 08:44 PM
Passwd and Shadow files synchronisation sandras Linux - Software 3 08-04-2004 10:09 AM
splitting up the passwd and shadow files Burgin Linux - General 1 07-26-2004 09:39 PM
/etc/passwd or /etc/shadow? tiger7007 Linux - Security 2 03-21-2004 04:41 AM


All times are GMT -5. The time now is 03:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration