craig
PS: this works. i did this several years ago on one server when the
number of accounts grew to about 5000. there is one small catch - with
the cron job running every 5 minutes, there is a small window of time
when the source files in /etc have been updated but the .db versions
haven't been regenerated yet.
the nsswitch.conf file will check both the db and the original source
files in order, so it does not prevent new accounts from logging in. for
account deletions, however, the deleted account will still work until the
.db files are regenerated. similarly, password changes will not take
effect immediately.
actually, it's been years - i can't remember if only the old password
(in /var/lib/misc/shadow.db) works, or if both the old (shadow.db) and
new (/etc/shadow) password will work. either way, that's only until the
cron job runs make again (i.e. at most, up to 5 minutes. or less if you
have cron run make more frequently).
if you have written scripts to assist with account
creation/deletion/changing, you could easily modify them to run "cd
/var/lib/misc ; make" after any change, thus eliminating the delay.
you still want the cron job, though, in case there are other ways for a
password to be changed - shell login by users or poppassd or samba, for
instance.
--
craig sanders <cas@taz.net.au>
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org