[gentoo-user] How to do account management across multiple Unix boxes?
Is there a term for the situation where you have one computer as the user account master and every other machine recognizes all user accounts that are specified on the master?

I'm sure there's plenty of packages and documentation on how to do this, but I don't know what it's called, so I don't know where to start looking.

Basically, I have one OpenBSD box and three gentoo boxes. I'd like to have the same user accounts on all of them, but not have to manually create them each time. Especially for dealing with Samba and NFS, it's nice to have consistent accounts.

Given the name of a couple key packages and/or web links, I think I could figure the rest out.

Thanks!
Matt

--
Matt Garman
email at: http://raw-sewage.net/index.php?file=email
--
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] How to do account management across multiple Unix boxes?
On Wednesday 11 January 2006 13:51, [EMAIL PROTECTED] wrote:
> Is there a term for the situation where you have one computer as the user account master and every other machine recognizes all user accounts that are specified on the master?
>
> I'm sure there's plenty of packages and documentation on how to do this, but I don't know what it's called, so I don't know where to start looking.
>
> Basically, I have one OpenBSD box and three gentoo boxes. I'd like to have the same user accounts on all of them, but not have to manually create them each time. Especially for dealing with Samba and NFS, it's nice to have consistent accounts.
>
> Given the name of a couple key packages and/or web links, I think I could figure the rest out.

openldap is one way
kerberos is another (don't pick this one)
nis or YP is another

I prefer openldap, but be warned, all of these methods are fairly non-trivial depending on your experience level. maybe there's a way to do it with samba as well?

> Thanks!
> Matt
>
> --
> Matt Garman
> email at: http://raw-sewage.net/index.php?file=email

--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]

Re: [gentoo-user] How to do account management across multiple Unix boxes?
NIS comes to mind and some recommended docs are:

http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html
http://gentoo-wiki.com/HOWTO_Setup_NIS

On 1/11/06, John Jolet [EMAIL PROTECTED] wrote:
> On Wednesday 11 January 2006 13:51, [EMAIL PROTECTED] wrote:
> > Is there a term for the situation where you have one computer as the user account master and every other machine recognizes all user accounts that are specified on the master?
> >
> > I'm sure there's plenty of packages and documentation on how to do this, but I don't know what it's called, so I don't know where to start looking.
> >
> > Basically, I have one OpenBSD box and three gentoo boxes. I'd like to have the same user accounts on all of them, but not have to manually create them each time. Especially for dealing with Samba and NFS, it's nice to have consistent accounts.
> >
> > Given the name of a couple key packages and/or web links, I think I could figure the rest out.
>
> openldap is one way
> kerberos is another (don't pick this one)
> nis or YP is another
>
> I prefer openldap, but be warned, all of these methods are fairly non-trivial depending on your experience level. maybe there's a way to do it with samba as well?
>
> > Thanks!
> > Matt
> >
> > --
> > Matt Garman
> > email at: http://raw-sewage.net/index.php?file=email
>
> --
> John Jolet
> Your On-Demand IT Department
> 512-762-0729
> www.jolet.net
> [EMAIL PROTECTED]

--
Shawn Singh

Re: [gentoo-user] How to do account management across multiple Unix boxes?
On Wednesday 11 January 2006 14:04, Shawn Singh wrote:
> NIS comes to mind and some recommended docs are:
>
> http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html
> http://gentoo-wiki.com/HOWTO_Setup_NIS

Please be aware of the security issues surrounding nis. may not be a problem in your environment, but they are real. also, with ANY centralized sign-on/authentication methodology, it's a VERY, VERY bad idea to have just one auth server. this goes for everything from nis to active directory (which is really just ldap). however, nis might be a good choice in your environment, despite the security issues, because if you make ALL of your machines nis slaves, and have them authenticate to themselves, if your nis master goes down, you can still get on the other boxes.

Or you could just use rdist to fan out your /etc/shadow and /etc/passwd files ;)

> On 1/11/06, John Jolet [EMAIL PROTECTED] wrote:
> > On Wednesday 11 January 2006 13:51, [EMAIL PROTECTED] wrote:
> > > Is there a term for the situation where you have one computer as the user account master and every other machine recognizes all user accounts that are specified on the master?
> > >
> > > I'm sure there's plenty of packages and documentation on how to do this, but I don't know what it's called, so I don't know where to start looking.
> > >
> > > Basically, I have one OpenBSD box and three gentoo boxes. I'd like to have the same user accounts on all of them, but not have to manually create them each time. Especially for dealing with Samba and NFS, it's nice to have consistent accounts.
> > >
> > > Given the name of a couple key packages and/or web links, I think I could figure the rest out.
> >
> > openldap is one way
> > kerberos is another (don't pick this one)
> > nis or YP is another
> >
> > I prefer openldap, but be warned, all of these methods are fairly non-trivial depending on your experience level. maybe there's a way to do it with samba as well?
> >
> > > Thanks!
> > > Matt
> > >
> > > --
> > > Matt Garman
> > > email at: http://raw-sewage.net/index.php?file=email
> >
> > --
> > John Jolet
> > Your On-Demand IT Department
> > 512-762-0729
> > www.jolet.net
> > [EMAIL PROTECTED]
>
> --
> Shawn Singh

--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]

Re: [gentoo-user] How to do account management across multiple Unix boxes?
On Wed, 2006-01-11 at 13:57 -0600, John Jolet wrote:
> > Given the name of a couple key packages and/or web links, I think I could figure the rest out.
>
> openldap is one way
> kerberos is another (don't pick this one)
> nis or YP is another
>
> I prefer openldap, but be warned, all of these methods are fairly non-trivial depending on your experience level.

A more trivial way to do it (although potentially insecure)...

Set up one box as the 'master', and have a cron script scp the appropriate files to the other boxen. This will keep consistency of name, passwd, uid, gid, home etc., etc.

Not a solution for large or security conscious environments, but a working solution for Home.

--
Lares Moreau [EMAIL PROTECTED] | LRU: 400755 http://counter.li.org
lares/irc.freenode.net | Gentoo x86 Arch Tester | ::0
Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net | Encrypted Mail Preferred
Key fingerprint = 0CA3 E40D F897 7709 3628 C5D4 7D94 483E 0D46 BB6E

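The message above relies on name, uid and gid staying identical on every box, which matters for NFS because file ownership there follows the numeric UID rather than the account name. As an added example (not code from any poster in this thread), the script below audits passwd-format files collected from several hosts for UID drift; the host names, accounts and the MIN_UID cutoff are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample input: passwd(5)-format text as collected from three hosts.
# Host names and accounts are invented for illustration.
SAMPLE = {
    "gentoo1": "root:x:0:0:root:/root:/bin/bash\n"
               "matt:x:1000:100:Matt:/home/matt:/bin/bash\n"
               "alice:x:1001:100:Alice:/home/alice:/bin/bash\n",
    "gentoo2": "root:x:0:0:root:/root:/bin/bash\n"
               "matt:x:1000:100:Matt:/home/matt:/bin/bash\n"
               "bob:x:1001:100:Bob:/home/bob:/bin/bash\n",
    "openbsd": "root:*:0:0:Charlie &:/root:/bin/ksh\n"
               "matt:*:1001:10:Matt:/home/matt:/bin/ksh\n",
}

MIN_UID = 1000  # assumption: regular accounts start here; system accounts are skipped


def parse_passwd(text):
    """Yield (name, uid) per valid line; comments, blanks and NIS '+' entries are skipped."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit() and fields[3].isdigit():
            yield fields[0], int(fields[2])


def audit(hosts, min_uid=MIN_UID):
    """Return a list of (kind, subject, detail) findings across all hosts."""
    by_name, by_uid = defaultdict(dict), defaultdict(dict)
    for host, text in hosts.items():
        for name, uid in parse_passwd(text):
            if uid >= min_uid:
                by_name[name][host] = uid   # which UID this name has on each host
                by_uid[uid][host] = name    # which name owns this UID on each host
    findings = []
    for name, seen in sorted(by_name.items()):
        if len(set(seen.values())) > 1:     # same user, different numeric UID
            findings.append(("name-uid-mismatch", name, seen))
        missing = sorted(set(hosts) - set(seen))
        if missing:                         # account not present everywhere
            findings.append(("missing-account", name, missing))
    for uid, seen in sorted(by_uid.items()):
        if len(set(seen.values())) > 1:     # one UID maps to different people
            findings.append(("uid-shared-by-names", uid, seen))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "uid-shared-by-names" finding is the one to resolve before exporting home directories: over NFS, each of those accounts would be treated as the owner of the others' files.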
Re: [gentoo-user] How to do account management across multiple Unix boxes?
[EMAIL PROTECTED] wrote:
> I'm sure there's plenty of packages and documentation on how to do this, but I don't know what it's called, so I don't know where to start looking.

You either use NIS or nowadays might use LDAP.

Alexander Skwar

Re: [gentoo-user] How to do account management across multiple Unix boxes?
IMNSHO NIS is a big fat waste. I would strongly recommend against it. =) It does simplify a number of things, and I honestly have never actually tried to make the LDAP integration work on BSD.

Kerberos is not an account management tool - it is authentication management, I use it all the time, and even in small networks I prefer it to the 'straight' alternatives. OpenLDAP + Kerberos is pretty hot. I use this for my work network especially, and on my home network I use local accounts + kerberos.

Gentoo has an LDAP howto here: http://www.gentoo.org/doc/en/ldap-howto.xml

I have a really horrible kerberos howto, but it may become less horrible in time: http://lateralis.imr-net.com/wiki/jms/Kerberos

Finally, most of where I started with all of this is here: http://www.ofb.net/~jheiss/krbldap/

Re: [gentoo-user] How to do account management across multiple Unix boxes?
Joshua Schmidlkofer wrote:
> IMNSHO NIS is a big fat waste. I would strongly recommend against it.

Why? It's simple to set up and does what the OP wanted.

PS: Please no HTML mails. Please no top posts.

Alexander Skwar