|
Using the KISS principle.
The usernames and password collection, must be centralized, for control,
only one place, where, u update, change and remove passwords,then, a
little help of scp, and all the trick is done.
Just, copy, over a secure coneccition, ur password collectios file.. and,
u are sync. We, even develop a "cluster" admin web based app, the
principle of functioning, was, one server, is the "fistone" then, using,
small programan triggered by a ssh execution command or attached to a port
using the inetd super server.. and u are done.
On Fri, 6 Sep 2002, Doug Schasteen wrote:
> Sorry if I'm getting off topic here, but I figure most of you are in the
> same boat as me when it comes to the fact that you don't want to have to
> set up user accounts on EVERY real server in your farm. When somebody
> needs a password reset, I can't imagine having to log in to 5 different
> servers to change the password on each of them.
>
> I've done a little bit of research on this, and it seems there are 2
> ways of using centralized authentication. They are LDAP and NIS. I don't
> personally like either of these, because my main reason for having
> multiple servers is actually for redundancy (if one server goes down, I
> have others). So what good is it to me if no one can log into the
> servers because the central authentication server is down? NIS seems to
> have one plausible solution, which is to run 1 master server and every
> other server be a slave server, but have each server set as a client to
> itself. That way the user accounts are propagating from the master to
> all of the slaves, but none of the slaves are relying on any other
> server for authentication. They are actually using themselves as their
> own authentication server.
>
> Does that sound right? Does anyone have any experience with doing that
> kind of a setup with NIS?
>
> My other idea would be simply to rsync all of the necessary files. I'm
> running FreeBSD on my real servers so I would just rsync /etc/group,
> /etc/passwd, /etc/master.passwd, and /etc/aliases. This way, all of my
> machines are using their normal authentication, but they all receive the
> newest set of user accounts and password files every minute (if I put
> the rsync commands in cron).
>
> What do you guys think? Let me know what you are doing to solve this
> problem.
>
> - Doug
>
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
|
