Xref: utzoo comp.unix.questions:20520 comp.unix.wizards:20945
Path: utzoo!utgpu!watserv1!watmath!iuvax!noose.ecn.purdue.edu!orchestra.ecn.purdue.edu!kimery
From: kimery@orchestra.ecn.purdue.edu (Sam Kimery)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: uid administration (Long)
Keywords: uid administration yellow pages (gack! yp that is)
Message-ID: <1990Mar9.184348.9975@ecn.purdue.edu>
Date: 9 Mar 90 18:43:48 GMT
References: <45475@lanl.gov> <1990Mar9.141637.22366@math-cs.kent.edu>
Sender: news@ecn.purdue.edu (USENET news)
Reply-To: kimery@orchestra.ecn.purdue.edu (Sam Kimery)
Organization: Purdue University Engineering Computer Network
Lines: 90

Here at the Purdue Engineering Computer Network (ECN), we are using
software known as ACmaint, which was written in house. In an attempt to
keep this brief, I'll give the "glossy" description of ACmaint. Those
wanting more detail may contact me (kimery@ecn.purdue.edu).

Currently ACmaint controls about 400 machines (all at ECN). There are
about 12,000 users with 90,000 accounts. Each Fall about 2,000 new
accounts are added, with 1,000 (or so) accounts deleted each summer.

ACmaint uses a daemon on each machine under its control (TRANSD) and a
single daemon that controls a central database (DBD).

ACmaint controls all user accounts. Some items are maintained as
"common" to a login (eg: uid, login, fullname, etc) and changes to
these cause changes on all machines the user has an account on. Other
items are considered to be "per machine" and are stored separately (eg:
gid, passwd, shell, homedir, etc). Changes to the per-account
information are only transmitted to the machines affected. All changes
occur immediately (or reasonably close :-)). Fun things like changing
the root password, which used to take 3+ hours to do, now consumes less
than 1 minute of a "human" time, and is completed in less than 20
minutes (network wide).
ACmaint also understands the things that it must do in order to
create/delete an account and several local "features."

There are several front-ends to ACmaint:

The most commonly used by standard users is through modified versions
of the standard commands (eg: passwd, chsh, chfn, etc) that contact the
DBD rather than update the local copy of /etc/passwd. These commands
have also been modified to allow the use of a new flag ('-n') which
causes the change to take place 'netwide'. A good example would be
'passwd -n barfoo' which would cause the password for the user 'barfoo'
to be changed on every machine (under ACmaint's control, of course) -
with the exception of the '-n' flag, the command interacts the same as
the standard Unix /bin/passwd.

The administrative front end is known as AH (account handler) and
allows a system administrator to manipulate (create/destroy/change)
accounts from any machine on our network. The current version of AH
supports the following commands:

    !               - execute shell command
    #               - a comment, the entire line is ignored
    =               - set a default value or assign a value to a variable
    ?               - see help
    add             - add a user to new host(s)
    add_group       - add user(s) to a group
    change          - change user information by field
    change_group    - change group information by field
    copy            - copy a user from one host to other host(s)
    create          - create a new account
    create_group    - create a new group
    disable         - disable an account
    edit            - edit last command and re-execute
    enable          - enable a disabled account
    help            - print help
    log             - manipulate log files
    message         - set a message on an account
    quit            - quit, exit ah
    read            - execute commands from a file
    remove          - remove a user from host(s)
    remove_group    - remove user(s) from a group
    show            - show user information
    show_group      - show group information
    terminate       - remove a user from all hosts
    terminate_group - eliminate a group
    unmessage       - remove a message from an account

ACmaint has the ability to survive system crashes, and goes to great
lengths to assure that no data loss occurs.

ACmaint has run or is running on the following architectures: sun3,
sun4 (all), vax 780, Gould NP-1, Gould 9080, CCI Tahoe, and Sequent
Symmetry.

I'm working on the next version of ACmaint, which is expected to be
complete sometime this summerish. That will be the first publicly
available version.

Again, for further details, please contact me (kimery@ecn.purdue.edu).

--Sam
---------------------------------------------------------------------------------
Sam Kimery - Unix Systems Programmer
Engineering Computer Network - Purdue University
UUCP: pur-ee!kimery   ARPA: kimery@ecn.purdue.edu   BELL: 317-494-3473
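
A toy model of the update routing the post describes, added here as an illustration; it is not ACmaint code. The split between "common" and "per machine" fields is taken from the post, while the class, method and host names, the sample data, and the uid-uniqueness check are assumptions.

```python
# Toy model of the update routing described in the post (added example).
# The field split comes from the post; every class and method name is hypothetical.
COMMON = {"uid", "login", "fullname"}                # one value per login
PER_MACHINE = {"gid", "passwd", "shell", "homedir"}  # one value per (login, host)


class CentralDB:
    """Stands in for the central database daemon (DBD in the post)."""

    def __init__(self):
        self.common = {}    # login -> {field: value}
        self.accounts = {}  # login -> {host: {field: value}}

    def _check_uid(self, login, uid):
        # Assumption: a uid belongs to exactly one login across the network.
        for other, rec in self.common.items():
            if other != login and rec["uid"] == uid:
                raise ValueError(f"uid {uid} already belongs to {other}")

    def create(self, login, uid, fullname, host, **per_machine):
        self._check_uid(login, uid)
        self.common.setdefault(login, {"uid": uid, "fullname": fullname})
        self.accounts.setdefault(login, {})[host] = dict(per_machine)

    def change(self, login, field, value, host=None, netwide=False):
        """Apply one change; return the hosts whose daemon must be notified."""
        hosts = self.accounts[login]
        if field == "login" or field not in COMMON | PER_MACHINE:
            raise ValueError(f"cannot change field {field!r} in this model")
        if field in COMMON:
            if field == "uid":
                self._check_uid(login, value)
            self.common[login][field] = value
            targets = list(hosts)        # every machine the user has an account on
        elif netwide:
            targets = list(hosts)        # the '-n' behaviour of the modified commands
        elif host in hosts:
            targets = [host]             # only the affected machine
        else:
            raise KeyError(f"{login} has no account on {host}")
        if field in PER_MACHINE:
            for h in targets:
                hosts[h][field] = value
        return sorted(targets)


db = CentralDB()                         # constructed sample data below
for h in ("hostA", "hostB", "hostC"):
    db.create("barfoo", 1234, "Bar Foo", h, shell="/bin/csh", passwd="old")
db.create("other", 1300, "Other User", "hostA", shell="/bin/sh", passwd="old")
```

The list returned by `change()` is the set of per-machine daemons (TRANSD in the post) that would need to hear about the update; the login itself is treated as the record key, so this model refuses to change it.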