Aleksey Tsalolikhin wrote: > On Sun, Apr 4, 2010 at 10:26 AM, Leon Towns-von Stauber > <[email protected]> wrote: >> ... we aborted a project to extend LDAP to our production systems, >> going with local files distributed via cfengine (200-300 hosts) ... >> You have to do some minor contortions to manage >> passwords and to have different lists of accounts on different systems, >> but otherwise it's a lot simpler than LDAP and has been more reliable so >> far. > > Hi, Leon. I'd like to hear more about your cfengine solution, please. > Are you distributing /etc/passwd, /etc/shadow and /etc/group, or have you > configured PAM to use some kind of supplementary passwd, shadow and group > files which are subject to distribution by cfengine?
Also, if you use cfengine to push shadow, how do you deal with password changes? -- Yves. http://www.SollerS.ca/ gmail, jabber, LiveJournal, nimbuzz, ovi, dreamhost xim.ca: xmpp:[email protected] _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
