LinuxQuestions.org


antonis_m 11-02-2009 01:48 AM

How to synchronize user accounts - All time monitor
 
Hi all,

I'm not sure if what I need is possible. I'm trying to synchronize user accounts between the live site and DR site. Unfortunately we do not use any of the well-known effective apps (LDAP, Active Directory). We have about 3000 users working for the bank who are required to change passwd every 10 days. How can I make sure that user accounts will stay synchronized at any time? Is cron @ every 5 min my best option? Is there a way to monitor the passwd file at all times, so that when the command passwd is called my script will act accordingly?

I tried to use a custom passwd command that will overwrite the /bin/passwd command to suit my needs. (Disaster!!! It didn't work.)

So I'm left with a custom daemon that calls rsync all the time and updates if there is a change (too much I/O), and I'm not sure what the side effects will be.

Do you know of any alternative solution?

Thanks in advance.

cantab 11-02-2009 05:56 AM

I know nothing about AIX, but I have a less-technical idea: can you tell the users to run a different command to change their password? Then you make that command do whatever you need it to do.

looseCannon 11-03-2009 03:24 PM

There are 5 files that contain all of the information about user accounts in AIX. You **could** copy the files to the DR system on a regular basis to keep the accounts in sync. I've done this for a couple of systems before. Keep in mind that if this hiccups just a little bit there is potential to have a system you cannot log into, so you will want to make this as bulletproof as possible.

The 5 files are

/etc/group
/etc/passwd
/etc/security/group
/etc/security/passwd
/etc/security/user

!!!!!MAKE BACKUPS, MAKE BACKUPS, MAKE BACKUPS, MAKE BACKUPS, MAKE BACKUPS!!!!!
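
One way to make the copy described in the post above harder to get wrong, as an added example that is not part of the original thread: validate the staged set, snapshot the current files, then replace them. It assumes the five files have already been transferred to a staging directory on the DR system (the transfer itself is not shown); the function names and the stage, target and backup paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): install a staged copy of the five AIX
# account files all-or-nothing. The stage/root/backup paths are hypothetical.

ACCOUNT_FILES="etc/group etc/passwd etc/security/group etc/security/passwd etc/security/user"

# Reject a staged set that is incomplete or has no root entry, since
# installing it is how the target ends up impossible to log in to.
validate_stage() {
    for f in $ACCOUNT_FILES; do
        [ -s "$1/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    grep -q '^root:' "$1/etc/passwd" &&
        grep -q '^root:' "$1/etc/security/passwd" ||
        { echo "no root entry in staged files" >&2; return 1; }
}

# usage: install_account_files STAGE_DIR TARGET_ROOT BACKUP_DIR
# Prints the snapshot directory holding the files that were replaced.
install_account_files() (
    stage=$1 root=$2 backup=$3
    umask 077    # new files start private until cp -p applies the source mode
    validate_stage "$stage" || exit 1

    # 1. Snapshot the current files so a bad sync can be rolled back.
    snap="$backup/$(date +%Y%m%d%H%M%S).$$"
    for f in $ACCOUNT_FILES; do
        mkdir -p "$snap/$(dirname "$f")" || exit 1
        if [ -f "$root/$f" ]; then cp -p "$root/$f" "$snap/$f" || exit 1; fi
    done

    # 2. Copy all five next to their targets before replacing any of them,
    #    so a full disk or I/O error aborts with the old set still in place.
    for f in $ACCOUNT_FILES; do
        cp -p "$stage/$f" "$root/$f.new.$$" || exit 1
    done

    # 3. Rename into place; each rename is atomic, so a login never reads a
    #    half-written file.
    for f in $ACCOUNT_FILES; do
        mv -f "$root/$f.new.$$" "$root/$f" || exit 1
    done
    echo "$snap"
)

if [ $# -eq 3 ]; then install_account_files "$@"; fi
```

On AIX, running `pwdck -n ALL`, `usrck -n ALL` and `grpck -n ALL` afterwards reports inconsistencies in the installed files without modifying them.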

antonis_m 11-04-2009 12:55 AM

Thanks looseCannon

Seems that this is my best option.

I tried it out and it works fine when I include all the files you list.
The first time I tried it I couldn't log on to the system (just like you said!!). Of course I had a backup, even though I was testing it on the development machine. I think I will follow this solution.

I'm thinking of some alternatives that I have no experience with.

1. A NIS server (also known as yellow pages). Sounds like a good solution, but I'm not sure about security and whether it can handle so many users (3000).

2. Kerberos ???

Thanks again, appreciate all the help.


All times are GMT -5.