[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Migrating passwd users on Cobalt RaQ

On Fri, 2006-04-14 at 02:17 -0700, Howard Chu wrote:
> In particular, it doesn't support write operations so it can't be used 
> as an actual management tool. However, Symas (and probably others) have 
> built up full-function modules along these lines. The Symas module 
> supports not only /etc/passwd, /etc/group, and /etc/shadow, but also the 
> TCB databases (e.g. /etc/security) used by AIX, HPUX, and SCO 
> OpenServer, giving you fully LDAP-enabled management of native 
> Unix/Linux security. (The upside of this approach vs pam/nss is that 
> users can always login to a host, regardless of (loss of) access to a 
> central LDAP server. The downside is that updating someone's account 
> info can take a non-trivial amount of time as it replicates from the 
> central server to every managed host.)

Yes, I guess the Symas type of approach is what I was thinking. Perhaps
you need to excuse my ignorance, I was thinking the Cobalt GUI would
serve as the only management tool where writes occur to the passwd file
as it works now. Then a local LDAP server with passwd backend could
serve those authentications to my other apps. What would I need to
replicate? My objective is only to get those users to authenticate
against Postfix, IMAP, etc.

But being a demo purpose module, I feel the recommendation on this list
is to migrate the users and be done with it?