
Re: sync root passwords?



Mike Egglestone said:
> Hi,
> Is there a Debian package for syncing root passwords on multiple servers?
> If I had 100 Debian servers, and wanted the root passwords all to be the
> same, is there a util that will sync just the root password?

It may be a bit overkill for just 1 account, but there is LDAP too,
and LDAP allows you to remotely "disable" accounts as well. So even
if you have the root password, the system will not allow you to
authenticate. This is the same for SSH key logins. PAM will block
access to the account (not even su will work). It's useful, I think,
for systems that do not get logged into often. If you have 100 servers,
chances are some servers probably almost never get logged in to. You
can authenticate using SSL/TLS with LDAP as well, making the network
communications more secure. That, and if some script kiddie manages
to get your passwd or shadow file through whatever means, the passwords
in them will be useless (provided PAM is fully configured). Since most
people are not quite aware of LDAP, and LDAP can be configured to
not allow anonymous queries. It's quite powerful and fun to use. You
can go further by authenticating off a slave OpenLDAP server which is
"read only", so modification to the db will be impossible.

I have a fairly extensive LDAP howto available here:

http://howto.aphroland.de/HOWTO/LDAP

nate
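
Added example, not part of the original post or the linked howto: a small Python audit that checks a slapd.conf-style server file and a pam_ldap-style client file for three of the points made above (TLS, no anonymous queries, read-only replica). The directive names are real OpenLDAP / pam_ldap options; the sample file contents, hostnames and paths are constructed, and the check treats `readonly on` or `updateref` as the sign of a read-only replica, which is an assumption.

```python
# Added example: audit of constructed OpenLDAP configs (not from the post).
# Directive names are real slapd.conf / pam_ldap options; file contents are made up.

def directives(text):
    """Parse 'keyword value' lines into {keyword: [values]}; '#' lines are comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, *rest = line.split(None, 1)
            out.setdefault(key.lower(), []).append(rest[0] if rest else "")
    return out

def audit_server(text, replica=False):
    """Return findings for a slapd.conf-style server config."""
    d, findings = directives(text), []
    if not any("bind_anon" in v.split() for v in d.get("disallow", [])):
        findings.append("anonymous binds allowed (no 'disallow bind_anon')")
    if not ("tlscertificatefile" in d and "tlscertificatekeyfile" in d):
        findings.append("no TLS certificate configured")
    if replica and "on" not in d.get("readonly", []) and "updateref" not in d:
        findings.append("replica accepts writes (no 'readonly on' or 'updateref')")
    return findings

def audit_client(text):
    """Return findings for a pam_ldap-style client config."""
    d, findings = directives(text), []
    uris = " ".join(d.get("uri", [])).split()
    encrypted = "start_tls" in d.get("ssl", []) or (uris and all(u.startswith("ldaps://") for u in uris))
    if not encrypted:
        findings.append("bind password sent in clear (no 'ssl start_tls' or ldaps:// uri)")
    if "yes" not in d.get("tls_checkpeer", []):
        findings.append("server certificate not verified (no 'tls_checkpeer yes')")
    return findings

# Constructed sample configs; hostnames and paths are placeholders.
WEAK_SERVER = "database bdb\nsuffix dc=example,dc=org\n"
HARD_REPLICA = ("disallow bind_anon\nTLSCertificateFile /etc/ldap/tls/replica.crt\n"
                "TLSCertificateKeyFile /etc/ldap/tls/replica.key\n" + WEAK_SERVER + "readonly on\n")
WEAK_CLIENT = "uri ldap://ldap-ro.example.org\nbase dc=example,dc=org\n"
HARD_CLIENT = WEAK_CLIENT + "ssl start_tls\ntls_checkpeer yes\ntls_cacertfile /etc/ssl/certs/ca.pem\n"

if __name__ == "__main__":
    for name, result in [("weak replica", audit_server(WEAK_SERVER, replica=True)),
                         ("hardened replica", audit_server(HARD_REPLICA, replica=True)),
                         ("weak client", audit_client(WEAK_CLIENT)),
                         ("hardened client", audit_client(HARD_CLIENT))]:
        print(f"{name}: {result or 'ok'}")
```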



