[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: distributed login.conf
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: distributed login.conf
- From: Chuck Yerkes <chuck+obsd_(_at_)_2003_(_dot_)_snew_(_dot_)_com>
- Date: Wed, 17 Dec 2003 13:20:04 -0500
Quoting Antoine Jacoutot (ajacoutot_(_at_)_lphp_(_dot_)_org):
> I have a working setup for centralized authentication using
> NIS+Heimdal, and I was wondering if there was a way to distribute
> /etc/login.conf and /etc/login.conf.db to all my OpenBSD servers
> (using NIS if possible) ? I'm running OpenBSD-3.4-STABLE
NIS is too easily spoofable. Especially when you go
between LANs (segments and such).
Push methods include rdist (+ ssh), rsync.
if they share a file system (/usr/local or whatever) a cron
job kicking off a script could run cfengine scripts;
it could run CVS or SUP to get login.conf and make to build it.
There have been several tools put out to keep machines in sync.
SUP, CVS, Depot, rdist and rsync are just a couple of the more
well known ones.