LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-29-2004, 11:00 AM   #1
jwolter0
LQ Newbie
 
Registered: Apr 2004
Location: Cleveland, OH
Posts: 11

Rep: Reputation: 0
Shadow passwords different on each machine (Fedora Core 1)


I'm setting up a small compute cluster and am looking to have a simple password management system for my users. A colleague of mine uses a really simple scheme under Red Hat 7.3: when a user changes his/her password on the master node, an automated script copies the /etc/shadow file to all the worker nodes. However, based on my (limited) experience with Fedora Core 1, I don't think this will work for me. I'm finding that the ciphertext in my /etc/shadow files is different on each machine for the same password. Is there a difference in the way shadow passwords are implemented between the two distros? Is there a setting I can alter? Any other advice?

TIA,
John
 
Old 04-30-2004, 02:26 AM   #2
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
Re: Shadow passwords different on each machine (Fedora Core 1)

Quote:
Originally posted by jwolter0
A colleague of mine uses a really simple scheme under Red Hat 7.3: when a user changes his/her password on the master node, an automated script copies the /etc/shadow file to all the worker nodes.

TIA,
John
well think of it like this..........
if someone "r00ted" one box on your "network"
if /etc/shadow was the same on all your boxes......
the rest of them could be r00ted also............

your colleague might regret his set up at some future point
in time........!!
 
Old 04-30-2004, 01:33 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Yes there's a difference. I think RH 7.3 used DES to encrypted the passwords. Newer RH's use MD5, as far as I can tell. There's also a per-machine "salt", so the result is that each machine will hash the same password differently.
 
Old 04-30-2004, 01:59 PM   #4
jwolter0
LQ Newbie
 
Registered: Apr 2004
Location: Cleveland, OH
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks for the info!

Anyone have any suggestions for managing passwords for the same user account on a large number of machines. I don't want to make my users change their password manually on 20+ different machines.
 
Old 04-30-2004, 04:33 PM   #5
Blinker_Fluid
Member
 
Registered: Jul 2003
Location: Clinging to my guns and religion.
Posts: 683

Rep: Reputation: 63
Quote:
Originally posted by jwolter0
Thanks for the info!

Anyone have any suggestions for managing passwords for the same user account on a large number of machines. I don't want to make my users change their password manually on 20+ different machines.
There is always NIS...

I've actually seen people copy /etc/passwd, /etc/shadow, and /etc/group to multiple machines to sync up the passords. (mostly redhat 7.3 or Redhat 8,9) However there are differences in the passwords between 7.3 and 8 so you can't copy a shadow file from a 7.3 box to a 8 box or you loose things like SSH. As long as all the machines are the same version I think it will work.
When in doubt back them up before doing it...
 
Old 05-02-2004, 05:38 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
I seriously doubt that two machines will be able to share the same shadow file, for the reason I mentioned above (machine specific "salt" value), but you're welcome to try and report the result.

Kerberos is a rather popular option for synchronizing authentication for multiple machines. I believe OpenLDAP can also be used in a similar manner. NIS(+) is pretty horrible in my opinion and should be avoided if possible.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux passwords in /etc/shadow LouisR Linux - Newbie 4 01-16-2005 12:45 PM
shadow passwords help? SciYro Linux - Security 2 03-03-2004 05:11 AM
shadow passwords dtheorem Linux From Scratch 2 10-18-2003 11:40 PM
shadow passwords and mdf njnear Linux - Security 5 08-06-2003 03:41 PM
Am I using shadow passwords? keirobyn Linux - Newbie 1 01-28-2002 12:55 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration