Synchronizing passwords between hosts

Adalbert Prokop adalbert.prokop at gmx.de
Mon Jun 18 19:27:24 UTC 2007


Eric wrote on Monday 18 June 2007:

> What is the "right" way to synchronize passwords between hosts?

I would say NIS or LDAP, but those are services which provide 
authentication over network. NIS is rather easy to manage but if you like 
it more painful (and more secure) you can try LDAP. ;-)

> There are two machines set up, one FC6 and one F7, and I'd like any
> password changes on one to also show up on the other.

Another option would be: use rsync + ssh with public key authentication to 
copy passwd+shadow from one host to another. But it will not "sychronize" 
changes, it will simply overwrite user and password information. If both 
machines have homogeneous users AND services it might work. There are 
several system accounts which will be affected with this approach. I 
would NOT recommend it.

> Does it make sense to try to NFS-mount /etc/shadow from one machine on
> the other?

You can't mount a single file, only directories. You would rather have to 
mount whole /etc, which clearly is a dodgy idea for anything besides 
diskless workstations.

Would ssh and public key authentication not be enough for you?

What do you need it for?

-- 
bye,
Adalbert Prokop

If the grass is greener on other side of fence, consider what may be 
fertilizing it.




More information about the users mailing list