Re: Sync users and their pwds between the trusted systems (96 Views)
Reply
Regular Advisor
Srinikalyan
Posts: 159
Registered: ‎02-28-2008
Message 1 of 5 (96 Views)
Accepted Solution

Sync users and their pwds between the trusted systems

Hi all,

HP-UX 11iv2
We have configured the DR environment for the production boxes. We want to sync the user name and passwords from primary to DR automatically. Both the systems are trusted. How can I accomplish with the best method?
Note: We don't use NIS, NIS+ so please ignore this option.

Thanks,
Srini
Please use plain text.
Honored Contributor
RAC_1
Posts: 5,920
Registered: ‎03-21-2002
Message 2 of 5 (96 Views)

Re: Sync users and their pwds between the trusted systems

With two root sessions on required boxes. tar ball of /home/, /etc/passwd, /etc/group and /tcb dirs should do it all.
There is no substitute to HARDWORK
Please use plain text.
Honored Contributor
Olivier Masse
Posts: 623
Registered: ‎04-19-2003
Message 3 of 5 (96 Views)

Re: Sync users and their pwds between the trusted systems

I have the same issue on a ServiceGuard clusters on which I need a way to synchronize local accounts, especially those whose passwords can change over time.

I ended up writing a small daemon that greps out the relevant entries from /etc/passwd and /etc/shaddow each 10 seconds and saves them somewhere in a filesystem which is part of the packaged application. When I start the package on another node, a control script synchronizes the local accounts with whatever is in these files. It's clumsy, but it works.

If you do this, be careful to lock /etc/passwd and /etc/shadow correctly before modifying them. 11iv3 also lets you put an encrypted password directly on the command line with usermod, which is safer than modifying the files directly.

Good luck
Please use plain text.
Regular Advisor
Srinikalyan
Posts: 159
Registered: ‎02-28-2008
Message 4 of 5 (96 Views)

Re: Sync users and their pwds between the trusted systems

Will there be any result in a damaged/corrupted file, thus preventing access to a server or some/all users if we copy the password related files from one system to another using tar copy or rsync or rdist?

And also which is the proven one other than NIS?

Thanks,
Srini.
Please use plain text.
Honored Contributor
Bill Hassell
Posts: 14,200
Registered: ‎05-29-2000
Message 5 of 5 (96 Views)

Re: Sync users and their pwds between the trusted systems

> Will there be any result in a damaged/corrupted file, thus preventing access to a server or some/all users if we copy the password related files from one system to another using tar copy or rsync or rdist?

No more so than copying any file from system to system. Of course you will want to add checksums to ensure accurate copies. The simplest is to checksum the tarball. More thorough (and more scripting) is to checksum every file. I would add the /etc/default/security file to your list of files so global rules are the same in all systems.

> And also which is the proven one other than NIS?

Not sure what "proven" means. Many SA's use this method to sync multiple systems quite successfully. As always, be sure to have a root window (or two) open at the same time on a target machine to make sure everything works OK. And of course backup all the same target files and save them in case to need to revert back.
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation