Path: utzoo!utgpu!attcan!uunet!cucstud!aucis!bnick
From: bnick@aucis.UUCP (Bill Nickless)
Newsgroups: comp.unix.wizards
Subject: Re: Alternatives for Yellow Pages?
Summary: Another approach; not as effecient but no source necessary,
	 using an RFS system.
Message-ID: <124@aucis.UUCP>
Date: 10 Jan 89 13:34:21 GMT
References: <6999@pyr.gatech.EDU> <747@genie.UUCP>
Lines: 50

In article <747@genie.UUCP>, scooter@genie.UUCP (Scooter Morris) writes:
> From article <6999@pyr.gatech.EDU>, by david@pyr.gatech.EDU (David Brown):
> > Hi.  Over the past several months, I've read several articles from
> > SysAdmins who said that they didn't use Yellow Pages on their networks.
> > I can understand this: we use yp and it's a real pain sometimes.  What
> > are some alternate ways to get similar effects?  (I want user x to be able
> > to use his same username and password on all our machines, and when he
> > changes it on any machine, I want that change propagated to all the others).
> 
> 	So, we modified /bin/passwd so that insted of updating the
> 	password database directly, it sends a packet to a password
> 	daemon.

[ Description of solution deleted ]

> 	P.S.  This stuff is available to anyone who wants it, but
> 	you'll need source to take advantage of it because of the
> 	changes to /bin/passwd.

At our installation, we run 2 AT&T 3B2/400's with an RFS link set up between
them.  Unfortunately (?) we don't have a source license here, so we have to 
make do with the binaries.

The first step was to restrict /bin/passwd (chmod o-rx /bin/passwd).  Then
we created a simple program to act as a front-end to /bin/passwd, with a
set-gid to sys (or whatever the group of /bin/passwd is).  We installed this
as /usr/local/bin/passwd.

This front end traps SIGQUIT and SIGINT, creates a lockfile in a common place 
in the RFS domain, and executes /bin/passwd as a child process with the same 
argument that the front end was called with.  When /bin/passwd returns, it
copies /etc/passwd to the remote sites using chmod and /bin/cp.

Problems include:

1.  Only one person, domain-wide, can change their password at a time.  This
    can cause significant delays because many people wait for the "Enter new
    password:" prompt before thinking one up!

2.  Password aging probably can't be used, because I suspect login expects to
    execute /bin/passwd to change passwords.

3.  /etc/passwd has to be copied to all the other machines.

Good luck!
-- 
William (Bill) Kirk Nickless                                 Andrews University
305 Meier                           Computer and Information Science Department
Berrien Springs, MI 49104                                    UNIX Support Group
(616) 471-6515 or (616) 471-3422                  ...!uunet!cucstud!aucis!bnick