managing user accounts without NIS
Peter Jay Salzman covenant at dirac.org
Wed Jun 7 23:16:57 PDT 2000
chris,

i'm about to configure NIS on our cluster. i'd be very interested in hearing why your group is moving away from NIS.

we have a very homogeneous 40 node cluster which is pretty secure at the moment. before continuing with the NIS howto, i'd love to hear your comments. :)

pete

> Date: Wed, 07 Jun 2000 23:12:36 -0500
> From: Chris Greer <cgreer1 at midsouth.rr.com>
> To: Victor Ortega <vor+ at pitt.edu>
> Cc: Beowulf mailing list <beowulf at beowulf.org>
> Subject: Re: managing user accounts without NIS
>
> We are in the process of migrating away from NIS to an rsync based
> system. We've got some scripts to help manage a centralized password
> system but each machine only gets the specific "political groups" of
> users that are assigned to it. You change password via a web interface.
> I know this has some people probably cringing, I was myself on the idea
> for a while, but the web interface allows us to take things a step
> or two further. We are working on scripts that will also integrate
> into the Novell/NT side of our Lan so that we truly have a single
> account system. The PC side is still in the works, and obviously
> if you are just reading this group for the beowulf aspects this
> isn't important to you, but I deal not only with a beowulf type
> setup from an admin perspective, but we also have 100+ UNIX servers
> of varying flavors not including our 20 node cluster.
>
> Chris G.
>
> Another option we used at a previous site was a smart script that would
> gather the password files from all the nodes, figure out if you changed
> it on any of them, update the password map with the changed password,
> and then re-push out the new password map to all of the servers. It
> ran once an hour, so that changes weren't immediate, but were propagated
> in a reasonable time. Of course if you are using a beowulf for high end
> computing, you probably don't want to interrupt things every hour just
> to see if things changed and such.
>
> I haven't had experience with kerberos, but it might help you. I don't
> know if it can be used in place of the password authentication for user
> accounts though.
>
>
> Victor Ortega wrote:
> >
> > I have looked at the archives searching for a good way to manage user
> > accounts on a beowulf cluster. Some people suggested using rsync, but
> > my question is, how? rsync is nothing more than an efficient version
> > of rcp; it doesn't really "synchronize" files--by that I mean that as
> > soon as (or soon after) one file gets modified, the other files get
> > updated. In particular, I want my users to be able to change their
> > passwords or their login shells from any node and have the relevant
> > files in /etc updated on all nodes, without the users having to do
> > anything else on their part (like running some "update" script). I
> > would really rather not write setuid-root wrappers to passwd and chsh,
> > as I don't want to inadvertently introduce a security hole to my
> > system. I have considered writing a PAM module, but I don't think
> > this would cover the chsh case. I also don't want to hack the kernel
> > or the file system to manage user accounts. Any suggestions?
> >
> > Victor
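
The merge step of the hourly gather, compare and re-push script described in the quoted reply, as an added example that is not code from this thread or from any poster's site. It assumes shadow(5)-style nine-field lines; the names `parse_shadow` and `reconcile`, the sample accounts and hashes, and the policy (nodes cannot add accounts or change root, same-day conflicting edits keep the central value) are all assumptions.

```python
def parse_shadow(text):
    """Return {user: fields} for well-formed 9-field lines; anything else is dropped."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 9 and fields[0]:
            entries[fields[0]] = fields
    return entries

def reconcile(master, nodes, protected=("root",)):
    """Fold node-side password changes into a copy of master; return (merged, rejected)."""
    merged = {user: list(f) for user, f in master.items()}
    rejected, candidates = [], {}   # rejected holds (node, user, reason) tuples
    for node in sorted(nodes):
        for user, fields in nodes[node].items():
            if user not in master:              # a node may not create accounts
                rejected.append((node, user, "unknown account"))
            elif fields[1] == master[user][1]:
                continue                        # hash unchanged on this node
            elif user in protected:             # never accept root's hash from a node
                rejected.append((node, user, "protected account"))
            elif not fields[2].isdigit() or int(fields[2]) < int(master[user][2] or 0):
                rejected.append((node, user, "stale lastchg"))
            else:
                candidates.setdefault(user, []).append((int(fields[2]), fields[1], node))
    for user, found in candidates.items():
        newest = max(day for day, _, _ in found)
        hashes = {h for day, h, _ in found if day == newest}
        if len(hashes) == 1:                    # one agreed newest change wins
            merged[user][1], merged[user][2] = hashes.pop(), str(newest)
        else:                                   # same-day edits on two nodes: keep master
            rejected += [(n, user, "conflicting change") for d, _, n in found if d == newest]
    return merged, rejected

# Constructed sample data: placeholder hashes, lastchg in days since 1970-01-01.
MASTER = parse_shadow(
    "root:hashR0:11000:0:99999:7:::\n"
    "alice:hashA0:11000:0:99999:7:::\n"
    "bob:hashB0:11000:0:99999:7:::\n"
    "carol:hashC0:11000:0:99999:7:::")
NODES = {
    "node01": parse_shadow("alice:hashA1:11115:0:99999:7:::\n"
                           "root:hashR1:11115:0:99999:7:::\ntoor:hashT0:11115:0:99999:7:::"),
    "node02": parse_shadow("bob:hashB0:11000:0:99999:7:::\ncarol:hashC1:11115:0:99999:7:::"),
    "node03": parse_shadow("carol:hashC2:11115:0:99999:7:::\nalice:hashA0:11000:0:99999:7:::"),
}
if __name__ == "__main__":
    merged, rejected = reconcile(MASTER, NODES)
    print({user: f[1] for user, f in merged.items()})
    print(rejected)
```

Rejected entries are the ones worth alerting on: a root hash or a new account appearing on a single node is something the central map should never absorb silently.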
