LinuxQuestions.org

MikeyCarter 02-15-2008 02:51 PM

Sync /etc/passwd and shadow files
 
Most of my family is on Linux. I've created a standard install for all our computers using revisor. My problem is passwords.

If my sister resets her password on her computer then goes to my parents' house and uses my Mom's computer, what password does she use?

I looked at ypserv, which was promising until you considered most of the computers I'm dealing with are laptops. I could set up slaves but then it would require a manual intervention every time a computer is added to the list. Also, the info is transmitted as clear text, so syncing across the internet wouldn't work well at all. Also, where do I host it?

So I looked at LDAP and it's more promising as far as security, but offline laptops become a problem. How does a laptop, disconnected from the internet, authenticate? Or where to host it? I haven't as of yet found an LDAP service provider.

Not to mention with NetworkManager the network connection is not started until after the user logs in anyways.

I think my only option is to sync the passwd and shadow files with a central secure web server somewhere. (only users above UID 1000)

Are there any programs out there for merging two passwd/shadow files together? Or does anyone have any recommendations?
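
Added example, not part of the original post or thread: a sketch of the merge the post above asks about, restricted to regular accounts (UID 1000 and above). It assumes the standard 7-field passwd and 9-field shadow layouts and uses the shadow last-change field to decide which hash is newer; the function names, the UID ceiling and the sample entries are constructed for illustration.

```python
# Added example: merge regular-user entries (UID >= 1000) from a central
# passwd/shadow copy into a local one. Names and sample data are constructed.
MIN_UID, MAX_UID = 1000, 60000  # assumed regular-user range; excludes "nobody"

def parse(text, nfields):
    """Map user name -> list of fields, rejecting malformed lines."""
    out = {}
    for line in text.splitlines():
        f = line.split(":")
        if not line.strip():
            continue
        if len(f) != nfields or not f[0]:
            raise ValueError("malformed entry for %r" % f[0])  # never echo the hash
        out[f[0]] = f
    return out

def merge(local_pw, local_sh, central_pw, central_sh):
    """Return (passwd_text, shadow_text, skipped) after merging central users."""
    lpw, lsh = parse(local_pw, 7), parse(local_sh, 9)
    cpw, csh = parse(central_pw, 7), parse(central_sh, 9)
    uid_owner = {int(f[2]): n for n, f in lpw.items()}
    skipped = []
    for name, f in cpw.items():
        uid = int(f[2])
        if not MIN_UID <= uid <= MAX_UID:
            skipped.append((name, "uid outside user range"))  # never import root/system
        elif name in lpw and int(lpw[name][2]) != uid:
            skipped.append((name, "uid differs from local account"))
        elif uid_owner.get(uid, name) != name:
            skipped.append((name, "uid already used locally"))
        elif name not in csh:
            skipped.append((name, "no shadow entry"))
        else:
            lpw.setdefault(name, f)  # keep the local home/shell if the user exists
            uid_owner[uid] = name
            old = lsh.get(name)
            # shadow field 3 = day of last password change; the newest hash wins
            if old is None or int(csh[name][2] or 0) > int(old[2] or 0):
                lsh[name] = csh[name]
    dump = lambda d: "".join(":".join(f) + "\n" for f in d.values())
    return dump(lpw), dump(lsh), skipped

# Constructed sample data; the hash fields are placeholders, not real crypt strings.
LOCAL_PW = "root:x:0:0:root:/root:/bin/bash\nsis:x:1001:1001::/home/sis:/bin/bash\n"
LOCAL_SH = "root:HASH-ROOT-LOCAL:13900:0:99999:7:::\nsis:HASH-SIS-OLD:13900:0:99999:7:::\n"
CENTRAL_PW = ("root:x:0:0:evil:/root:/bin/sh\nsis:x:1001:1001::/home/sis:/bin/bash\n"
              "mom:x:1002:1002::/home/mom:/bin/bash\n")
CENTRAL_SH = ("root:HASH-ROOT-CENTRAL:13999:0:99999:7:::\nsis:HASH-SIS-NEW:13925:0:99999:7:::\n"
              "mom:HASH-MOM:13920:0:99999:7:::\n")

if __name__ == "__main__":
    print(merge(LOCAL_PW, LOCAL_SH, CENTRAL_PW, CENTRAL_SH)[2])
```

The merge only returns text. Writing it back to /etc/passwd and /etc/shadow, locking those files and moving the central copy over an encrypted channel are left out of this sketch.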

sundialsvcs 02-15-2008 07:02 PM

You certainly do not want to do anything with "/etc/passwd vs. shadow!"

Bad dog! No biscuit!

(Or if you prefer: "Abandon all hope, ye who enter here.")

On a standard Linux setup, "each computer is the master of its own world," so if your sister changes her password on her machine, then on her machine "it is changed." But, nowhere else.

Yes, you can do what many offices actually do, and set up an LDAP server and configure Linux to consult that server (instead of the shadow-files) to authenticate logins. The LDAP-server would have to be one computer that you know is always on-line, and beware, because it would be difficult for any computer to log-in anywhere if that server isn't there. It would also be impossible to grab that laptop and take it "away."

So... maybe the best thing to do is to make peace with your sister, or let her do what she will. Unless you want to set-up and learn about the configurations that large business networks sometimes do use. It might be a useful exercise, but it's going to affect everyone else in your family.

MikeyCarter 02-15-2008 07:35 PM

Figures there is always one in the crowd.

Dinithion 02-16-2008 02:22 AM

You could configure the ldap client to search ldap for authentication first, and if it fails go back and use /etc/passwd (This should only be added for a backup way of login, not a separate way). I wouldn't want to do that. If you don't have a dedicated machine to be the ldap server, it would just be annoying. So in general, if you won't bother to have your ldap-server always on, then you don't really need it (Most likely you don't). It's practical and fun to set up, but if password centralization for a few computers is the only motive it's not worth the trouble :)


All times are GMT -5.