How to Centralize Passwords

I have 6 or so computers all running OpenSUSE 11.2 (although I think that will be changing to 12.1 soon) and I need to centralize the passwords on all of them. I want every user to have one account and one password that will work on all the machines, and I want it to update automatically. So if a user’s password expires they don’t have to change it 6 times to get the same password on all the machines. I’m currently using LDAP, but it’s buggy and giving me problems. I’ve looked at NIS but it’s too insecure. The only other idea I’ve come up with is to write a custom set of scripts that propagates /etc/shadow and /etc/passwd files to all the computers when a password is changed on one of them, but I’ve come across several problems that will have to be worked around. Before pursuing a possibly stupid idea, I thought I’d ask you all - what do you think is a good program/package to accomplish this?
Thanks!

So I am thinking that short of a Windows Domain Controller, you want to look at something like this: openSUSE 12.2: Chapter 3. Using NIS

May I ask why you are still using openSUSE 11.2, given that 12.2 is the latest and 12.3 is due in March? Security support can be a problem unless you are sticking with Evergreen Support: openSUSE:Evergreen - openSUSE Wiki

Thank You,

On Tue, 29 Jan 2013 01:56:01 +0000, blank888 wrote:

> I’m currently using LDAP, but it’s buggy and giving me problems. I’ve
> looked at NIS but it’s too insecure.

LDAP is what you want, you should spend some time working out why you
have issues with it - it’s the most common way of accomplishing this and
/shouldn’t/ be buggy at all.

NIS and NIS+ are generally not well regarded in the *nix world.

Jim


Jim Henderson
openSUSE Forums Administrator

>> I’m currently using LDAP, but it’s buggy and giving me problems. I’ve
>> looked at NIS but it’s too insecure.
>
> LDAP is what you want, you should spend some time working out why you
> have issues with it - it’s the most common way of accomplishing this and
> /shouldn’t/ be buggy at all.

Exactly; let’s talk more about the LDAP bugginess as that should not be
the case. LDAP is secure, dead simple (as a protocol anyway), and as a
result works well across most platforms, and has an extensive set of tools
on all platforms for working with it. YaST provides support for it (as
you likely know) and you can set up replication so that no single host is
the single point of failure.

Good luck.