Re: Sync users and their pwds between the trusted systems (146 Views)
Reply
Regular Advisor
Posts: 159
Registered: ‎02-28-2008
Message 1 of 5 (146 Views)
Accepted Solution

Sync users and their pwds between the trusted systems

Hi all,

HP-UX 11iv2
We have configured the DR environment for the production boxes. We want to sync the user name and passwords from primary to DR automatically. Both the systems are trusted. How can I accomplish with the best method?
Note: We don't use NIS, NIS+ so please ignore this option.

Thanks,
Srini
Honored Contributor
Posts: 5,920
Registered: ‎03-21-2002
Message 2 of 5 (146 Views)

Re: Sync users and their pwds between the trusted systems

With two root sessions on required boxes. tar ball of /home/, /etc/passwd, /etc/group and /tcb dirs should do it all.
There is no substitute to HARDWORK
Honored Contributor
Posts: 623
Registered: ‎04-19-2003
Message 3 of 5 (146 Views)

Re: Sync users and their pwds between the trusted systems

I have the same issue on a ServiceGuard clusters on which I need a way to synchronize local accounts, especially those whose passwords can change over time.

I ended up writing a small daemon that greps out the relevant entries from /etc/passwd and /etc/shaddow each 10 seconds and saves them somewhere in a filesystem which is part of the packaged application. When I start the package on another node, a control script synchronizes the local accounts with whatever is in these files. It's clumsy, but it works.

If you do this, be careful to lock /etc/passwd and /etc/shadow correctly before modifying them. 11iv3 also lets you put an encrypted password directly on the command line with usermod, which is safer than modifying the files directly.

Good luck
Regular Advisor
Posts: 159
Registered: ‎02-28-2008
Message 4 of 5 (146 Views)

Re: Sync users and their pwds between the trusted systems

Will there be any result in a damaged/corrupted file, thus preventing access to a server or some/all users if we copy the password related files from one system to another using tar copy or rsync or rdist?

And also which is the proven one other than NIS?

Thanks,
Srini.
Honored Contributor
Posts: 14,280
Registered: ‎05-29-2000
Message 5 of 5 (146 Views)

Re: Sync users and their pwds between the trusted systems

> Will there be any result in a damaged/corrupted file, thus preventing access to a server or some/all users if we copy the password related files from one system to another using tar copy or rsync or rdist?

No more so than copying any file from system to system. Of course you will want to add checksums to ensure accurate copies. The simplest is to checksum the tarball. More thorough (and more scripting) is to checksum every file. I would add the /etc/default/security file to your list of files so global rules are the same in all systems.

> And also which is the proven one other than NIS?

Not sure what "proven" means. Many SA's use this method to sync multiple systems quite successfully. As always, be sure to have a root window (or two) open at the same time on a target machine to make sure everything works OK. And of course backup all the same target files and save them in case to need to revert back.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.