Igal Iancu writes...
> On the same note, has anyone written a password changing program that will
> do both NIS and AFS change without having to type the password 4 times
> + some proper checking? Probably the best way is to use "expect", but
> before we re-invent the wheel... ;-)
We maintain consistency between the AFS password and the (encrypted)
password stored in /etc/passwd by replacing /bin/passwd with a perl
script which uses sysctl to talk to a trusted machine (one of our AFS
database servers). On the backend, another perl script is used to
update the password in both places (AFS Kerberos DB and /etc/passwd).
sysctl assures that the process is secure.
This mechanism could be extended to use NIS; we don't use NIS. We
propogate /etc/passwd to all our machines via our software
distribution mechanism.
Cheers,
----------------------------------------------------------
Michael S. Fagan | IBM Research
[EMAIL PROTECTED] | http://www.watson.ibm.com/~mfagan
----------------------------------------------------------
