pwdis - readme (english)

 
PWDIS - A solution to the problem of automated password distribution
====================================================================
                         for AIX and Linux
                         =================

This solution fills the gap between installations that are too large
to handle manually and too small to justify setting up NIS (between 3 and
50 systems). By the way: for the sake of your security you should only use
NIS+, and only if you have too much time on your hands ;-)

1. Background, pros and cons
----------------------------
This software package has many advantages over other
solutions (like file distribution or .rhosts):
- There is no need to distribute all accounts. So you can have
  subsets of users on your machines for more security and easier
  administration.
- Using an 'exclude list' you can prevent unwanted accounts (like
  bin, daemon, ...) from being distributed. So only 'real' accounts
  will be transmitted.
- You can distribute your accounts to up to 64 systems (more on
  request).
- Using alias definitions, accounts that have different names on
  different machines can be updated.
- No .rhosts file is needed. The communication is done by sockets.
- The communication is encrypted with the RC4 algorithm and uses
  timestamps to prevent recorded traffic from being replayed later.
- This program is free software (GPL); see COPYING.

Limitations
- Synchronization works in one direction only. That means a password
  changed on a 'non-server' machine will eventually be overwritten
  by the older version from the server. To deal with this problem, one
  can try to set up mutual client-server systems which distribute the
  password directly after it is changed. This, however, has not been
  tested!
- The flags set in AIX will not be forwarded to Linux systems, as such
  features are only available indirectly there.
- For security reasons the clocks of a communicating node pair must be
  at most 3 minutes ahead of or behind each other.
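
The timestamp check from the advantages and limitations above, as an added
example that is not part of pwdis and does not reproduce its wire format. The
HMAC-SHA256 tag, the message layout and the names seal, Receiver and MAX_SKEW
are assumptions made for illustration; only the 3-minute limit comes from this
README. The example goes one step further than the text by keeping a cache of
already seen messages, because a timestamp alone does not stop a replay that
arrives while the window is still open.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 180  # seconds: 3 minutes ahead or behind, as stated in the README


def seal(key: bytes, payload: bytes, now: int) -> bytes:
    """Sender side: 8-byte timestamp + payload, followed by a MAC over both."""
    body = struct.pack(">Q", now) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # MAC tag -> timestamp of messages still inside the window

    def accept(self, msg: bytes, now: int) -> str:
        if len(msg) < 8 + 32:
            return "malformed"
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"  # authenticate first, then trust the timestamp
        (ts,) = struct.unpack(">Q", body[:8])
        if abs(now - ts) > MAX_SKEW:
            return "stale"  # old recording, or a peer whose clock is too far off
        # Forget tags that have left the window; the check above rejects them anyway.
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= MAX_SKEW}
        if tag in self.seen:
            return "replay"  # same message again while the window is still open
        self.seen[tag] = ts
        return "ok"


def demo():
    key = b"constructed-demo-key"  # constructed value, stands in for the shared key
    rx = Receiver(key)
    t0 = 1_000_000_000
    msg = seal(key, b"alice:constructed-hash", t0)  # constructed sample record
    return [
        rx.accept(msg, t0 + 2),    # fresh message
        rx.accept(msg, t0 + 60),   # recorded copy replayed inside the window
        rx.accept(msg, t0 + 600),  # recorded copy replayed ten minutes later
        rx.accept(seal(key, b"x", t0 + 840), t0 + 600),  # sender clock 4 min ahead
    ]
```

The last case in demo() is the limitation stated above: a legitimate node whose
clock has drifted more than 3 minutes is rejected just like a replay, so time
synchronization between the nodes is part of keeping distribution working.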

If you need one of the above limitations solved, please contact
me at info@quoty.de

2. Installation
---------------

AIX:
The installation is easy, as this package comes as an 'ordinary' LPP. ;-)
You just have to customize the config files, which are located in
/usr/local/lib/pwdis-1.2/, and copy them into the /etc directory.

Linux:
Nodes running Linux have to get their files manually from the directory
/usr/local/lib/pwdis-1.2/linux. The Linux release has to be 2.x (tested
with 2.0, 2.2, 2.4). Don't forget to copy the configuration files as well!
You also have to insert an entry in /etc/inetd.conf manually (when done,
execute kill -1 on the inetd process!).

For periodic distribution you should add an entry to the crontab of the
root user like this one:
40 * * * * /usr/local/sbin/pwdis >/var/adm/pwdis.log 2>&1 # passwd distribution

AIX and Linux:
ATTENTION: Before starting the tool for the first time, you have to create
an initial key file using the command
	/usr/local/sbin/pwkey
and distribute the generated key file /etc/.pwkey using a floppy disk
or ssh (or similar).

If you have questions, FIRST consult the man-page that comes with this
package (to be found in /usr/share/man/man8), THEN consult me :-)

Copyright (C) 1999-2003 by R. Erl; E-Mail: info@quoty.de