This is a discussion on Propagating password across a linux farm within the Linux Administration forums, part of the Linux Forums category; Does anyone have any admin suggestions for propagating ( mass changing ) of a users password across a networked linux farm? I ...

news_searcher wrote:
| Does anyone have any admin suggestions for propagating (mass changing) of
| a user's password across a networked linux farm? I have seen one method
| using an "expect" script, but expect is not distributed on these servers.

Perhaps you should look at ldap to manage password authentication. It's ideally suited for a networked environment with lots of computers to be administered (as one).

http://www.openldap.org/

On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> news_searcher wrote:
> | Does anyone have any admin suggestions for propagating (mass changing) of
> | a user's password across a networked linux farm? I have seen one method
> | using an "expect" script, but expect is not distributed on these servers.
>
> Perhaps you should look at ldap to manage password authentication. It's
> ideally suited for a networked environment with lots of computers to be
> administered (as one).
>
> http://www.openldap.org/

Am I the only person to look at this and say "what does it do?" and "what's it for?"

The descriptions are clever, but I still don't understand what it's for!!!!

Is it a domain controller? A filesystem? A database? A replacement for DNS?????

"root" <root@home.com> quoted and wrote in message news:pan.2004.01.18.08.44.02.728333@home.com
>> http://www.openldap.org/
>
> Am I the only person to look at this and say "what does it do?" and
> "what's it for?"
>
> The descriptions are clever, but I still don't understand what it's
> for!!!!
>
> Is it a domain controller? A filesystem? A database? A
> replacement for DNS?????

http://www.tldp.org/HOWTO/LDAP-HOWTO/ answers all your questions.

--
use hotmail for any email replies

root wrote:
| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
|>Perhaps you should look at ldap to manage password authentication. It's
|>ideally suited for a networked environment with lots of computers to be
|>administered (as one).
|>
|>http://www.openldap.org/
|
| Am I the only person to look at this and say "what does it do?" and
| "what's it for?"
|
| The descriptions are clever, but I still don't understand what it's for!!!!
|
| Is it a domain controller? A filesystem? A database? A replacement for
| DNS?????

OpenLDAP is a directory server. LDAP stands for Lightweight Directory Access Protocol.

It is big on security, so much so that you can securely set up clients to authenticate users not with the local password database (/etc/passwd) but with the "database" or directory stored on the trusted LDAP server.

In simpler terms, the client computers let the LDAP server check whether the username/password is correct. (So you only need to manage the username/passwords on the one computer, the LDAP server.)
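
The model described in the post above, sketched as an added example (not code from the thread or from OpenLDAP): the directory holds the only password hash, here in the legacy salted-SHA-1 `{SSHA}` format that OpenLDAP supports, and every host checks logins against it, so one change on the server takes effect everywhere. The `Directory` class, the DN and the host names are constructed stand-ins for a real LDAP server and its clients.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"  # salted SHA-1: a legacy, fast hash, used here for illustration

def ssha_hash(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # malformed base64 in the stored value
        return False
    if len(raw) <= 20:  # the 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

class Directory:
    """Stand-in for the LDAP server: the only place a password hash is stored."""
    def __init__(self):
        self.user_password = {}  # DN -> userPassword value

    def set_password(self, dn, password):
        self.user_password[dn] = ssha_hash(password)

    def bind(self, dn, password):
        stored = self.user_password.get(dn)
        return stored is not None and ssha_verify(password, stored)

def login_from_hosts(directory, hosts, dn, password):
    """Each host keeps no local hash; it asks the directory to check the login."""
    return {host: directory.bind(dn, password) for host in hosts}

if __name__ == "__main__":
    d = Directory()
    dn = "uid=jdoe,ou=People,dc=example,dc=com"  # constructed sample DN
    hosts = ["web01", "web02", "db01"]           # constructed host names
    d.set_password(dn, "old-secret")
    d.set_password(dn, "new-secret")             # one change, on the server only
    print(login_from_hosts(d, hosts, dn, "new-secret"))
    print(login_from_hosts(d, hosts, dn, "old-secret"))
```
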

On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
> root wrote:
> | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> |>Perhaps you should look at ldap to manage password authentication. It's
> |>ideally suited for a networked environment with lots of computers to be
> |>administered (as one).
> |>
> |>http://www.openldap.org/
> |
> | Am I the only person to look at this and say "what does it do?" and
> | "what's it for?"
> |
> | The descriptions are clever, but I still don't understand what it's for!!!!
> |
> | Is it a domain controller? A filesystem? A database? A replacement for
> | DNS?????
>
> OpenLDAP is a directory server. LDAP stands for Lightweight Directory
> Access Protocol.
>
> It is big on security, so much so that you can securely set up clients to
> authenticate users not with the local password database (/etc/passwd)
> but with the "database" or directory stored on the trusted LDAP server.
>
> In simpler terms, the client computers let the LDAP server check whether
> the username/password is correct. (So you only need to manage the
> username/passwords on the one computer, the LDAP server.)

Thanks, I think they need to add a simple "what is this typically for" to their documentation. I read 5 pages of info in the FAQ and had less idea when I finished than I thought I had when I started ;-) !

Unix network projects seem to tread on each other's toes?? For example, if you authenticate with LDAP I guess you can get a home directory etc.... in the M/Soft world that would be a "domain controller" - but hang on, isn't the unix domain controller NIS ... or is LDAP intended as a replacement for NIS?

Also in Windows the client can "mount" the network volume for the user; in unix, file systems are statically mounted... does this make things a bit clunky for large distributed networks, or is what I'm reading out of date for linux?

Cheers,
Jon

"root" <root@home.com> wrote in message news:pan.2004.01.19.11.26.41.98208@home.com...
> On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
>
> > root wrote:
> > | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> > |>Perhaps you should look at ldap to manage password authentication. It's
> > |>ideally suited for a networked environment with lots of computers to be
> > |>administered (as one).
> > |>
> > |>http://www.openldap.org/
>
> ... or this is LDAP intended as a replacement for NIS?

A few years ago we used NIS for sharing Unix account information and passwords. Is NIS obsolete?

Can someone point out advantages or disadvantages of LDAP versus NIS?

Can LDAP be integrated with Windows Active Directory?

Thanks very much.

George Elkins

root wrote:
| On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
|
|>root wrote:
|>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
|>|>Perhaps you should look at ldap to manage password authentication.
[snip]
|>
|>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
|>Access Protocol.
|>
|>It is big on security, so much so that you can securely set up clients to
|>authenticate users not with the local password database (/etc/passwd)
|>but with the "database" or directory stored on the trusted LDAP server.
|>
|>In simpler terms, the client computers let the LDAP server check whether
|>the username/password is correct. (So you only need to manage the
|>username/passwords on the one computer, the LDAP server.)
|>
|
[snip]
| Unix network projects seem to tread on each other's toes?? For example if
| you authenticate with LDAP I guess you can get a home directory etc.... in
| the M/Soft world that would be a "domain controller" - but hang on isn't
| the unix domain controller NIS ... or this is LDAP intended as a
| replacement for NIS?

Not really. It was designed with more in mind. It just happens to be good at authentication. LDAP can do so much more, like provide a directory of email addresses for your email client, to name just one.

For more on LDAP and authentication, see http://www.mandrakesecure.net/en/docs/ldap-auth.php
To get this link I googled ldap authentication. Came 3rd.
http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html came 5th. C'mon, to google is good.

|
| Also in windows at the client can "mount" the network volume
| for the user, in unix file systems are statically mounted... does this
| make things a bit clunky for large distributed networks or is what I'm
| reading out of date for linux?

Network filesystems aren't statically mounted anymore. Google automount for info. It's been around for quite a while now (couple of years).

There is also a great "alternative" to traditional network mounts, Intermezzo. It's a true distributed filesystem, has many great features, with few of the disadvantages of traditional shares.

As a side note, you might want to have a look at http://www.catb.org/~esr/faqs/smart-questions.html if you want answers/non-impatient answers to your questions. I've decided only today that I don't have the time to answer questions from people who haven't read "How To Ask Questions The Smart Way".

Sorry if I seem impatient, because that's what I am atm. Most of this post could have been googled.

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued invalid, small companies can ill-afford the typical $500k cost of a law-suit (not to mention years of harassment).

Don't let them take away your right to program whatever you like. Make a stand on Software Patents before it's too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote:
> root wrote:
> | On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
> |
> |>root wrote:
> |>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
> |>|>Perhaps you should look at ldap to manage password authentication.
> [snip]
> |>
> |>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
> |>Access Protocol.
> |>
> |>It is big on security, so much so that you can securely set up clients to
> |>authenticate users not with the local password database (/etc/passwd)
> |>but with the "database" or directory stored on the trusted LDAP server.
> |>
> |>In simpler terms, the client computers let the LDAP server check whether
> |>the username/password is correct. (So you only need to manage the
> |>username/passwords on the one computer, the LDAP server.)
> |>
> |
> [snip]
> | Unix network projects seem to tread on each other's toes?? For example if
> | you authenticate with LDAP I guess you can get a home directory etc.... in
> | the M/Soft world that would be a "domain controller" - but hang on isn't
> | the unix domain controller NIS ... or this is LDAP intended as a
> | replacement for NIS?
>
> Not really. It was designed with more in mind. It just happens to be
> good at authentication. LDAP can do so much more, like provide a
> directory of email addresses for your email client, to name just one.
>
> For more on LDAP and authentication, see
> http://www.mandrakesecure.net/en/docs/ldap-auth.php
> To get this link I googled ldap authentication. Came 3rd.
> http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
> came 5th. C'mon, to google is good.
>
> |
> | Also in windows at the client can "mount" the network volume
> | for the user, in unix file systems are statically mounted... does this
> | make things a bit clunky for large distributed networks or is what I'm
> | reading out of date for linux?
>
> Network filesystems aren't statically mounted anymore. Google automount
> for info. It's been around for quite a while now (couple of years).
>
> There is also a great "alternative" to traditional network mounts,
> Intermezzo. It's a true distributed filesystem, has many great features,
> with few of the disadvantages of traditional shares.
>
> As a side note, you might want to have a look at
> http://www.catb.org/~esr/faqs/smart-questions.html if you want
> answers/non-impatient answers to your questions. I've decided only today
> that I don't have the time to answer questions from people who haven't
> read "How To Ask Questions The Smart Way".
>
> Sorry if I seem impatient, because that's what I am atm. Most of this
> post could have been googled.

For a clever person that's a bit of a stupid response.

The reason to ask a question like "what's it for" or "is this obsolete" is because it can only be answered by the users. Googling for information is fine, but how do I, as someone who doesn't use NIS for example, know what's up to date and what's not?

If I wanted the manual I would just RTFM - I news post because I wanted the opinion.

George Elkins wrote:
|
| A few years ago we used NIS for sharing Unix account information and
| passwords. Is NIS obsolete?

You're still free to use NIS, but there are better ways now (read easier to administer).

| Can someone point out advantages or disadvantages of LDAP versus NIS?

Google can. Searching for ldap authentication gave http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html

| Can LDAP be integrated with Windows Active Directory?

Don't really know that one. Try another newsgroup like comp.os.ms-windows.nt.admin.networking

| Thanks very much.
|
| George Elkins

--
Ben M.