11-01-2009 10:49 PM
We have configured the DR environment for the production boxes. We want to sync the user names and passwords from primary to DR automatically. Both the systems are trusted. How can I accomplish this with the best method?
Note: We don't use NIS, NIS+ so please ignore this option.
11-02-2009 01:03 AM
11-02-2009 06:32 AM
I ended up writing a small daemon that greps out the relevant entries from /etc/passwd and /etc/shadow every 10 seconds and saves them somewhere in a filesystem which is part of the packaged application. When I start the package on another node, a control script synchronizes the local accounts with whatever is in these files. It's clumsy, but it works.
If you do this, be careful to lock /etc/passwd and /etc/shadow correctly before modifying them. 11iv3 also lets you put an encrypted password directly on the command line with usermod, which is safer than modifying the files directly.
11-23-2009 02:45 AM
And also which is the proven one other than NIS?
11-23-2009 08:01 AM
No more so than copying any file from system to system. Of course you will want to add checksums to ensure accurate copies. The simplest is to checksum the tarball. More thorough (and more scripting) is to checksum every file. I would add the /etc/default/security file to your list of files so global rules are the same in all systems.
> And also which is the proven one other than NIS?
Not sure what "proven" means. Many SAs use this method to sync multiple systems quite successfully. As always, be sure to have a root window (or two) open at the same time on a target machine to make sure everything works OK. And of course back up all the same target files and save them in case you need to revert back.
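The per-file checksum and backup steps described in the reply above, sketched as a POSIX shell example that is added here and is not code from the thread. The function names, the manifest format (plain `cksum` output) and the staging layout are assumptions; `cksum` is a CRC, so it catches a damaged or truncated copy but not deliberate tampering.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, manifest format and
# staging layout are assumptions made for illustration.

# make_manifest SRC_ROOT FILE... : print "crc size path" for each file
make_manifest() {
    ( cd "$1" || exit 1
      shift
      for f in "$@"; do cksum "$f" || exit 1; done )
}

# verify_manifest STAGE MANIFEST : returns 0 only if every listed file matches
verify_manifest() {
    v_stage=$1; v_manifest=$2; v_bad=0
    while read -r crc size name; do
        [ -n "$name" ] || continue
        if [ ! -f "$v_stage/$name" ]; then
            echo "MISSING  $name" >&2; v_bad=1; continue
        fi
        # recompute CRC and size of the staged copy
        set -- $(cksum < "$v_stage/$name")
        if [ "$1" != "$crc" ] || [ "$2" != "$size" ]; then
            echo "MISMATCH $name" >&2; v_bad=1
        fi
    done < "$v_manifest"
    return "$v_bad"
}

# install_verified STAGE MANIFEST DEST_ROOT : verify everything first, then
# keep a .pre-sync copy of each existing target and put the new file in place
install_verified() {
    i_stage=$1; i_manifest=$2; i_dest=$3
    if ! verify_manifest "$i_stage" "$i_manifest"; then
        echo "checksum failure, nothing installed" >&2; return 1
    fi
    while read -r crc size name; do
        [ -n "$name" ] || continue
        mkdir -p "$(dirname "$i_dest/$name")" || return 1
        if [ -f "$i_dest/$name" ]; then
            cp -p "$i_dest/$name" "$i_dest/$name.pre-sync" || return 1
        fi
        cp -p "$i_stage/$name" "$i_dest/$name" || return 1
    done < "$i_manifest"
}
```

Run `make_manifest` on the primary with paths relative to the source root (for example `etc/passwd etc/shadow etc/default/security`), ship the manifest with the files, and call `install_verified` on the DR node against a scratch destination root before pointing it at `/`.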