see more questions below?

Daniel Marsh wrote:
On 3/9/07, Noah <[EMAIL PROTECTED]> wrote:


I am trying to figure out the Best admininstrative way to do the

We have two FreeBSD 6.2 servers and want to keep the passwd files in
sync so all the same users can log into each machine, their UID's match,
and when the update the password on one machine the other machine gets
the password.  When we add the user to one machine then the other
machine has an additional user too.

What is the best scheme that we can devise to get this working
technically well?


A couple of things can be done...
The first, and longest existing method would be to use NIS between the two
machines where one machine acts as a server, the other as a client to that
server, if the server goes down, no-one can login. (I havn't investigated in
backup NIS servers as I don't like NIS)

yeah NIS does not feel like the right direction

The other option would be using LDAP (OpenLDAP), you'll install OpenLDAP on
both servers, one will act as a master, the other as a slave, each machine
will login against the ldap database running locally.
The master ldap will replicate to the slave to keep any user changes in tact
and up to date.
You'll need to install the pam_ldap and nss_ldap ports and may want to use
LDAP Account Manager (runs via PHP on Apache) to manage the user accounts.

so the users would not be locked out of the second server if the master LDAP server goes down, right?



Another option may be to use a versioning system, one machine has a
versioning repository, you import /etc/ into the versioning system (CVS or
Subversion), when you make a change on a server to passwd's etc... you
commit the change and check it out on the other machine, maybe even making
use of merging changes so if two people, one on each machine, change their
passwords and they both commit you don't lose one of the password changes.
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to