[OpenAFS] Distributing passwd
John Rudd
jrudd@ucsc.edu
Tue, 10 Jun 2003 21:07:44 -0700
On Tuesday, Jun 10, 2003, at 08:29 US/Pacific, fronils wrote:
> how does people go about the problem of distributing files like
> /etc/passwd to
> clients? Using NIS or something else?
At cygnus we used to use kerberized-rdist.
One way to do it might be to use kerberized-rcp to move the files
around into a machine-local directory, and use that as the source data
for cfengine. Cfengine then does massaging and sanity checking on the
local data before it gets put into production on that machine.
Or, instead of kerberized-rcp, you could use cvs (with whichever
authentication mechanism you want). Have a process running on each
machine that listens for modifications to system files within your cvs
repository, and checks out the current copy as soon as there's an
update (I'm not sure if auto-cvs is a generic term, or just what one of
our engineers called this; I'm not a cvs guru). That machine's local
copy of the cvs'ed system files are then used as the source data for
cfengine. After your auto-cvs process checks out the data, it then
invokes cfengine.
Then you'd have version control on your system files, relatively
instant updates, and members of your sysadmin group could check out and
make changes to files ... as long as the changes don't have collisions
(ie. they could theoretically both modify the passwd file, as long as
they don't modify the same piece of the passwd file, in a way that both
changes can't be resolved with each other automatically by cvs's check
in process).