On Fri, 2 Jan 2015 13:44:36 +0100 Ingo Schwarze <[email protected]> wrote:
>Hi Brian, > >Brian Empson wrote on Fri, Jan 02, 2015 at 06:52:40AM -0500: > >> I'm looking into a way to sync up group and user information across >> a network of OpenBSD machines. I like YP, except that I don't need >> the password hashes transferred across the network. I like that it's >> built right into the base install, are there better ways to handle >> synchronizing login details across multiple machines that is built >> into the base install? Preferably written by the OpenBSD team, too? > >http://www.openbsd.org/faq/faq10.html#Dir > >Yours, > Ingo > With ssh keys for root setup between the 'master' box and the rest of your machines, something as simple as this can be fairly effective in a small environment. All changes to users and passwords will need to happen on the master though, and this will need to be run afterward to sync them. CUT================================================================== #!/bin/bash list=( /etc/passwd /etc/group /etc/shadow /etc/gshadow ) while read host; do ( for (( i = 0; i < ${#list[*]}; i++ )); do scp ${list[$i]} ${host}:${list[$i]} || { echo "scp ${list[$i]} ${host}:${list[$i]} failed" } done & ) & done < list-of-additional-hosts.txt CUT================================================================== This reads a list of hosts, one host per line (could use /etc/hosts with some parsing), then for each host spawns a subprocess in parallel, and scp's all the files to each host in parallel. disclaimer - I just typed this and didn't actually test it, but I've done similar in small linux cluster configurations. You'll write a more complete and robust one of course, but you can see the idea here. You may want to consider automounting everyone's $HOME from a network location as well, so everyone's stuff is available everywhere. Doing that securely is a matter for additional debate though. -- Regards, Christopher Barry Random geeky fortune: Fourth Law of Thermodynamics: If the probability of success is not almost one, it is damn near zero. -- David Ellis
