I have contemplated, but was not sure if this would be something of interest...
A service dedicated to synchronizing credentials for those using synchronized local credentials. The behavior would be:

- It would be aware of system accounts versus user accounts, and accordingly leave system accounts (those created by rpms) alone with respect to uid/gid, fully synchronizing user accounts
- Include an option for stub shadow entries versus passwords, for environments confidently using key-based authentication that want to opt out of compute nodes being able to do password authentication
- It would inotify watch the key files (passwd, shadow, group) to induce a sync action, no need to explicitly sync at some interval, it would naturally react to passwd/useradd/etc.

I have not given it much thought beyond the above three sentences. If this already exists, cool, if it doesn't but is not a wanted thing, ok. Otherwise, let me know if there is some sort of interest.

The simplest form of this would be a single server to monitor and have a list of nodes to push to, to avoid confusion about which is the authoritative copy.

Given the relatively little time I've thought about this, don't be surprised if I'm missing some glaring huge problem.

-----Original Message-----
From: Christian Caruthers <[email protected]>
Sent: Tuesday, June 19, 2018 10:16 AM
To: xCAT Users Mailing list <[email protected]>
Subject: Re: [xcat-user] [External] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

Some suggestions:

- Rather than sync'ing the passwd, group, and shadow files to the systems, use a postscript to simply append what you need to those files.
- Set the xCAT management node up as an NIS server.
- Set up ansible on xCAT MN to manage/create user accounts.
- Connect to LDAP or AD domain.

Regards,
Christian Caruthers
Lenovo Professional Services
Mobile: 757-289-9872

-----Original Message-----
From: Daniel Hilst Selli <[email protected]>
Sent: Monday, June 18, 2018 12:56
To: xCAT Users Mailing list <[email protected]>
Subject: [External] [xcat-user] What is the best way for changing/maintain users/groups/passwords for the computing nodes?

Hi!

I had a problem where I couldn't log in to a computing node with the password contained in the system key of the passwd table.

I searched the internet for options on setting the password for xCAT. The documentation says

    chtab key=system passwd.username=root passwd.password=abc123

But I don't really understand how this password would get to /etc/shadow of the computing nodes. Changing the password and rebooting the stateless node doesn't have any effect; the node keeps using the old password, and the passwd table and the nodes' /etc/shadow are out of sync.

I saw people on the internet synchronizing /etc/{group,shadow,passwd} from the management node, but if this is the case, what is the point of the system key on the passwd table?

Any suggestion on how to handle computing node users will be appreciated!

Regards,

_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
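
The first two behaviours proposed in the top message of this thread (leave system accounts alone, fully synchronize user accounts, optionally write stub shadow entries) can be sketched as a merge step. This is an added example, not code from the thread or from xCAT; the function names, the UID cutoff of 1000 and the sample account lines are assumptions, and the group file and the inotify trigger are left out.

```python
# Added example: plan a node's passwd/shadow from an authoritative copy.
UID_MIN = 1000      # assumed system/user boundary (UID_MIN in /etc/login.defs)
NOBODY_UID = 65534  # assumed: treat "nobody" as a system account

def parse(text):
    """Return {login: [fields]} for a colon-separated account file."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {fields[0]: fields for fields in rows}

def is_user(pw_fields):
    uid = int(pw_fields[2])
    return uid >= UID_MIN and uid != NOBODY_UID

def render(table):
    return "".join(":".join(fields) + "\n" for fields in table.values())

def plan_sync(master_pw, master_sh, node_pw, node_sh, stub_shadow=False):
    """Return (passwd_text, shadow_text) to install on the node."""
    m_pw, m_sh = parse(master_pw), parse(master_sh)
    n_pw, n_sh = parse(node_pw), parse(node_sh)
    # System accounts: keep the node's own lines so rpm-assigned uid/gid survive.
    out_pw = {n: f for n, f in n_pw.items() if not is_user(f)}
    out_sh = {n: n_sh[n] for n in out_pw if n in n_sh}
    # User accounts: the master is authoritative; node-only users are dropped.
    for name, fields in m_pw.items():
        if not is_user(fields) or name in out_pw:
            continue  # skip master system accounts and name clashes
        out_pw[name] = fields
        shadow = list(m_sh.get(name, [name, "*", "", "", "", "", "", "", ""]))
        if stub_shadow:
            shadow[1] = "*"  # "*" matches no hash: account exists, password login fails
        out_sh[name] = shadow
    return render(out_pw), render(out_sh)

# Constructed sample data (not from the thread).
MASTER_PW = ("root:x:0:0:root:/root:/bin/bash\n"
             "chrony:x:997:995::/var/lib/chrony:/sbin/nologin\n"
             "alice:x:1001:1001:Alice:/home/alice:/bin/bash\n")
MASTER_SH = ("root:$6$mastersalt$hash:17700:0:99999:7:::\n"
             "chrony:!!:17700::::::\n"
             "alice:$6$constructed$hash:17700:0:99999:7:::\n")
NODE_PW = ("root:x:0:0:root:/root:/bin/bash\n"
           "chrony:x:994:992::/var/lib/chrony:/sbin/nologin\n"
           "bob:x:1002:1002:Bob:/home/bob:/bin/bash\n")
NODE_SH = ("root:$6$nodesalt$hash:17000:0:99999:7:::\n"
           "chrony:!!:17000::::::\n"
           "bob:$6$old$hash:17000:0:99999:7:::\n")

if __name__ == "__main__":
    for text in plan_sync(MASTER_PW, MASTER_SH, NODE_PW, NODE_SH, stub_shadow=True):
        print(text)
```

With this cutoff root counts as a system account, so the node keeps its own root shadow entry and the root password has to be handled separately.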
