Lots of useless header info stripped out

From: Adrian Chung Reply-To: ovsage@yahoogroups.com To: Ottawa Valley SAGE Subject: [ovsage] Centralized password databases. Date: Sun, 21 Apr 2002 21:19:07 -0400

Aloha!

I’m looking to co-locate a server that will act as a web and mail server. I’ve currently got a server on my LAN doing this, but I’m soliciting advice on how best to achieve a centralized authentication scheme once it’s moved.

Ultimately I’d like to have users able to set their passwords using one mechanism that is tied to a database shared between both the co-lo server and any servers running here.

That would be the best way to proceed, so that you don’t have to maintain two separate databases.

I’m shying away from anything that depends on realtime synchronization, because my home link might not always be up, and I don’t want authentication to be tied to the availability of my link.

I’m tending towards an rsync of the shadow/password files, or a custom script that merges password change differences for entries in the password database.

You can rsync across an ssh tunnel, so that would protect your data. You still have the problem as to how to manage updates though… If the password is changed on the co-lo and the local in the same day and you only sync once a day, which takes precedence?