[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: distributed login.conf

Quoting Antoine Jacoutot (ajacoutot_(_at_)_lphp_(_dot_)_org):
> I have a working setup for centralized authentication using
> NIS+Heimdal, and I was wondering if there was a way to distribute
> /etc/login.conf and /etc/login.conf.db to all my OpenBSD servers
> (using NIS if possible) ? I'm running OpenBSD-3.4-STABLE

NIS is too easily spoofable.  Especially when you go
between LANs (segments and such).
Push methods include rdist (+ ssh), rsync.

if they share a file system (/usr/local or whatever) a cron
job kicking off a script could run cfengine scripts;
it could run CVS or SUP to get login.conf and make to build it.

There have been several tools put out to keep machines in sync.
SUP, CVS, Depot, rdist and rsync are just a couple of the more
well known ones.

Visit your host, monkey.org