Propagating password across a linux farm - Linux

This is a discussion on Propagating password across a linux farm - Linux ; Does anyone have any admin suggestions for propagating ( mass changing ) of a users password across a networked linux farm? I have seen one method using an "expect" script, but expect is not distributed on these servers....

+ Reply to Thread
Results 1 to 15 of 15

Thread: Propagating password across a linux farm

  1. Propagating password across a linux farm

    Does anyone have any admin suggestions for propagating ( mass changing ) of
    a users password across a networked linux farm? I have seen one method
    using an "expect" script, but expect is not distributed on these servers.



  2. Re: Propagating password across a linux farm

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    news_searcher wrote:
    | Does anyone have any admin suggestions for propagating ( mass changing
    ) of
    | a users password across a networked linux farm? I have seen one method
    | using an "expect" script, but expect is not distributed on these servers.
    |
    |
    Perhaps you should look at ldap to manage password authentication. Its
    ideally suited for a networked environment with lots of computers to be
    administered (as one).

    http://www.openldap.org/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFACW4qkY9EF6QEdTkRAkgVAKCCL+qwJJ6rm7zWtOAj3r asSsV2kACdFX3l
    20DPt62a/YXO68bnkc88o0E=
    =JQ+y
    -----END PGP SIGNATURE-----


  3. Re: Propagating password across a linux farm

    On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > news_searcher wrote:
    > | Does anyone have any admin suggestions for propagating ( mass changing
    > ) of
    > | a users password across a networked linux farm? I have seen one method
    > | using an "expect" script, but expect is not distributed on these servers.
    > |
    > |
    > Perhaps you should look at ldap to manage password authentication. Its
    > ideally suited for a networked environment with lots of computers to be
    > administered (as one).
    >
    > http://www.openldap.org/


    Am I the only person to look at this and say "what does it do ?" and
    "whats it for ?"

    The descriptions are clever, but I still don't understand what its for !!!!

    Is it a domain controller ? A Filesystem ? A database ? A replacement for
    DNS ?????





  4. Re: Propagating password across a linux farm

    "root" quoted and wrote in message
    newsan.2004.01.18.08.44.02.728333@home.com

    >> http://www.openldap.org/

    >
    > Am I the only person to look at this and say "what does it do ?" and
    > "whats it for ?"
    >
    > The descriptions are clever, but I still don't understand what its
    > for !!!!
    >
    > Is it a domain controller ? A Filesystem ? A database ? A
    > replacement for DNS ?????


    http://www.tldp.org/HOWTO/LDAP-HOWTO/ answers all your questions.

    --
    use hotmail for any email replies



    -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
    http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
    -----== Over 100,000 Newsgroups - 19 Different Servers! =-----

  5. Re: Propagating password across a linux farm

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    root wrote:
    | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    |>Perhaps you should look at ldap to manage password authentication. Its
    |>ideally suited for a networked environment with lots of computers to be
    |>administered (as one).
    |>
    |>http://www.openldap.org/
    |
    |
    | Am I the only person to look at this and say "what does it do ?" and
    | "whats it for ?"
    |
    | The descriptions are clever, but I still don't understand what its for
    !!!!
    |
    | Is it a domain controller ? A Filesystem ? A database ? A replacement for
    | DNS ?????
    |

    OpenLDAP is a directory server. LDAP stands for Lightweight Directory
    Access Protocol.

    It is big on security, so much so that you can securely setup clients to
    authenticate users not with the local password database (/etc/passwd)
    but with the "database" or directory stored on the trusted LDAP server.

    In simpler terms, the client computers let the LDAP server check wether
    the username/password is correct. (So you only need to manage the
    username/passwords on the one computer, the LDAP server.)
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFACo21kY9EF6QEdTkRAnfbAJ9L9PpBgNGEMRDdnDru5Z vK8uBQOQCeKgnS
    NHqkoHSl8zMg6wDDF+ws5xk=
    =mny5
    -----END PGP SIGNATURE-----


  6. Re: Propagating password across a linux farm

    On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > root wrote:
    > | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    > |>Perhaps you should look at ldap to manage password authentication. Its
    > |>ideally suited for a networked environment with lots of computers to be
    > |>administered (as one).
    > |>
    > |>http://www.openldap.org/
    > |
    > |
    > | Am I the only person to look at this and say "what does it do ?" and
    > | "whats it for ?"
    > |
    > | The descriptions are clever, but I still don't understand what its for
    > !!!!
    > |
    > | Is it a domain controller ? A Filesystem ? A database ? A replacement for
    > | DNS ?????
    > |
    >
    > OpenLDAP is a directory server. LDAP stands for Lightweight Directory
    > Access Protocol.
    >
    > It is big on security, so much so that you can securely setup clients to
    > authenticate users not with the local password database (/etc/passwd)
    > but with the "database" or directory stored on the trusted LDAP server.
    >
    > In simpler terms, the client computers let the LDAP server check wether
    > the username/password is correct. (So you only need to manage the
    > username/passwords on the one computer, the LDAP server.)
    >

    Thanks, I think they need to add a simple "what is this typically for" to
    their documentation, I read 5 pages of into in the FAQ and had less idea
    when I finished than I thought I had when I started ;-) !

    Unix network projects seem to tread on each others toes ?? For example if
    you authenticate with LDAP I guess you can get a home directory etc.... in
    the M/Soft world that would be a "domain controller" - but hang on isn't
    the unix domain controller NIS ... or this is LDAP intended as a
    replacement for NIS?

    Also in windows at the client can "mount" the network volume
    for the user, in unix file systems are statically mounted... doest this
    make things a bit clunky for large distributed networks or is what i'm
    reading out of date for linux ?

    Cheers, Jon


  7. Re: Propagating password across a linux farm

    "root" wrote in message
    newsan.2004.01.19.11.26.41.98208@home.com...
    > On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
    >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > >
    > > root wrote:
    > > | On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    > > |>Perhaps you should look at ldap to manage password authentication. Its
    > > |>ideally suited for a networked environment with lots of computers to

    be
    > > |>administered (as one).
    > > |>
    > > |>http://www.openldap.org/

    >
    > ... or this is LDAP intended as a replacement for NIS?
    >


    A few years ago we used NIS for sharing Unix account information and
    passwords. Is NIS obsolete? Can someone point out advantages or
    disadvantages of LDAP versus NIS? Can LDAP be integrated with Windows
    Active Directory?

    Thanks very much.

    George Elkins




  8. Re: Propagating password across a linux farm

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    root wrote:
    | On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
    |
    |
    |>-----BEGIN PGP SIGNED MESSAGE-----
    |>Hash: SHA1
    |>
    |>root wrote:
    |>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    |>|>Perhaps you should look at ldap to manage password authentication.
    [snip]
    |>
    |>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
    |>Access Protocol.
    |>
    |>It is big on security, so much so that you can securely setup clients to
    |>authenticate users not with the local password database (/etc/passwd)
    |>but with the "database" or directory stored on the trusted LDAP server.
    |>
    |>In simpler terms, the client computers let the LDAP server check wether
    |>the username/password is correct. (So you only need to manage the
    |>username/passwords on the one computer, the LDAP server.)
    |>
    |
    [snip]
    | Unix network projects seem to tread on each others toes ?? For example if
    | you authenticate with LDAP I guess you can get a home directory etc.... in
    | the M/Soft world that would be a "domain controller" - but hang on isn't
    | the unix domain controller NIS ... or this is LDAP intended as a
    | replacement for NIS?

    Not really. It was designed with more in mind. It just happens to be
    good at authentication. LDAP can do so much more, like provide a
    directory of email address for your email client, to name just one.

    For more on LDAP and authentication, see
    http://www.mandrakesecure.net/en/docs/ldap-auth.php
    To get this link I googled ldap authentication. Came 3rd.
    http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
    came 5th. C'mon, to google is good.

    |
    | Also in windows at the client can "mount" the network volume
    | for the user, in unix file systems are statically mounted... doest this
    | make things a bit clunky for large distributed networks or is what i'm
    | reading out of date for linux ?
    Network filesystems aren't statically mounted anymore. google automount
    for info. Its been around for quite a while now (couple of years).

    There is also a great "alternative" to traditional network mounts,
    Intermezzo. Its a true distributed filesystem, has many great features,
    with few of the disadvantages of traditional shares.

    As a side note, you might want to have a look at
    http://www.catb.org/~esr/faqs/smart-questions.html if you want
    answers/non-impatient answers to your questions. I've decided only today
    that I don't have the time to answer questions from people who haven't
    read "How To Ask Questions The Smart Way".

    Sorry if I seem impatient, because thats what I am atm. Most of this
    post could have been googled.

    - --
    Ben M.

    - ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harrasment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
    - ----------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFADARwkY9EF6QEdTkRAsCvAJ9IYjkx3Y3+ghjFnchX4b NjY9zjVgCeJ3TS
    FyM3UKslOPPEwH+FSQpHYAk=
    =5u1l
    -----END PGP SIGNATURE-----


  9. Re: Propagating password across a linux farm

    On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > root wrote:
    > | On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
    > |
    > |
    > |>-----BEGIN PGP SIGNED MESSAGE-----
    > |>Hash: SHA1
    > |>
    > |>root wrote:
    > |>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    > |>|>Perhaps you should look at ldap to manage password authentication.
    > [snip]
    > |>
    > |>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
    > |>Access Protocol.
    > |>
    > |>It is big on security, so much so that you can securely setup clients to
    > |>authenticate users not with the local password database (/etc/passwd)
    > |>but with the "database" or directory stored on the trusted LDAP server.
    > |>
    > |>In simpler terms, the client computers let the LDAP server check wether
    > |>the username/password is correct. (So you only need to manage the
    > |>username/passwords on the one computer, the LDAP server.)
    > |>
    > |
    > [snip]
    > | Unix network projects seem to tread on each others toes ?? For example if
    > | you authenticate with LDAP I guess you can get a home directory etc.... in
    > | the M/Soft world that would be a "domain controller" - but hang on isn't
    > | the unix domain controller NIS ... or this is LDAP intended as a
    > | replacement for NIS?
    >
    > Not really. It was designed with more in mind. It just happens to be
    > good at authentication. LDAP can do so much more, like provide a
    > directory of email address for your email client, to name just one.
    >
    > For more on LDAP and authentication, see
    > http://www.mandrakesecure.net/en/docs/ldap-auth.php
    > To get this link I googled ldap authentication. Came 3rd.
    > http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
    > came 5th. C'mon, to google is good.
    >
    > |
    > | Also in windows at the client can "mount" the network volume
    > | for the user, in unix file systems are statically mounted... doest this
    > | make things a bit clunky for large distributed networks or is what i'm
    > | reading out of date for linux ?
    > Network filesystems aren't statically mounted anymore. google automount
    > for info. Its been around for quite a while now (couple of years).
    >
    > There is also a great "alternative" to traditional network mounts,
    > Intermezzo. Its a true distributed filesystem, has many great features,
    > with few of the disadvantages of traditional shares.
    >
    > As a side note, you might want to have a look at
    > http://www.catb.org/~esr/faqs/smart-questions.html if you want
    > answers/non-impatient answers to your questions. I've decided only today
    > that I don't have the time to answer questions from people who haven't
    > read "How To Ask Questions The Smart Way".
    >
    > Sorry if I seem impatient, because thats what I am atm. Most of this
    > post could have been googled.
    >
    >


    For a clever person thats a bit of a stupid response. The reason to ask a
    question like "whats it for" or "is this obselete" is because it can only
    be answered by the users.

    googling for information is fine, but how do I as someone who doesn't use
    NIS for example know whats up to date and whats not. If I wanted the
    manual I would rust RTFM - I news post because I wanted the opinion.



  10. Re: Propagating password across a linux farm

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    George Elkins wrote:
    |
    | A few years ago we used NIS for sharing Unix account information and
    | passwords. Is NIS obsolete?
    You're still free to use NIS, but there are better ways now (read easier
    to administer).

    | Can someone point out advantages or disadvantages of LDAP versus NIS?
    Google can. searching for ldap athentication gave
    http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html

    | Can LDAP be integrated with Windows Active Directory?
    Don't really know that one. Try another newsgroup like
    comp.os.ms-windows.nt.admin.networking

    | Thanks very much.
    |
    | George Elkins

    - --
    Ben M.

    - ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harrasment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
    - ----------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFADBaykY9EF6QEdTkRAslrAJ4tdT6eTw+siieydMZNwu QgFtdQaQCfelKj
    0wVjYV9TeXAChDAUJAUEPr4=
    =WoJT
    -----END PGP SIGNATURE-----


  11. Re: Propagating password across a linux farm

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    root wrote:
    | On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote:
    |
    |
    |>-----BEGIN PGP SIGNED MESSAGE-----
    |>Hash: SHA1
    |>
    |>root wrote:
    |>| On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote:
    |>|
    |>|
    |>|>-----BEGIN PGP SIGNED MESSAGE-----
    |>|>Hash: SHA1
    |>|>
    |>|>root wrote:
    |>|>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    |>|>|>Perhaps you should look at ldap to manage password authentication.
    |>[snip]
    |>|>
    |>|>OpenLDAP is a directory server. LDAP stands for Lightweight Directory
    |>|>Access Protocol.
    |>|>
    |>|>It is big on security, so much so that you can securely setup clients to
    |>|>authenticate users not with the local password database (/etc/passwd)
    |>|>but with the "database" or directory stored on the trusted LDAP server.
    |>|>
    |>|>In simpler terms, the client computers let the LDAP server check wether
    |>|>the username/password is correct. (So you only need to manage the
    |>|>username/passwords on the one computer, the LDAP server.)
    |>|>
    |>|
    |>[snip]
    |>| Unix network projects seem to tread on each others toes ?? For
    example if
    |>| you authenticate with LDAP I guess you can get a home directory
    etc.... in
    |>| the M/Soft world that would be a "domain controller" - but hang on isn't
    |>| the unix domain controller NIS ... or this is LDAP intended as a
    |>| replacement for NIS?
    |>
    |>Not really. It was designed with more in mind. It just happens to be
    |>good at authentication. LDAP can do so much more, like provide a
    |>directory of email address for your email client, to name just one.
    |>
    |>For more on LDAP and authentication, see
    |>http://www.mandrakesecure.net/en/docs/ldap-auth.php
    |>To get this link I googled ldap authentication. Came 3rd.
    |>http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
    |>came 5th. C'mon, to google is good.
    |>
    |>|
    |>| Also in windows at the client can "mount" the network volume
    |>| for the user, in unix file systems are statically mounted... doest this
    |>| make things a bit clunky for large distributed networks or is what i'm
    |>| reading out of date for linux ?
    |>Network filesystems aren't statically mounted anymore. google automount
    |>for info. Its been around for quite a while now (couple of years).
    |>
    |>There is also a great "alternative" to traditional network mounts,
    |>Intermezzo. Its a true distributed filesystem, has many great features,
    |>with few of the disadvantages of traditional shares.
    |>
    |>As a side note, you might want to have a look at
    |>http://www.catb.org/~esr/faqs/smart-questions.html if you want
    |>answers/non-impatient answers to your questions. I've decided only today
    |>that I don't have the time to answer questions from people who haven't
    |>read "How To Ask Questions The Smart Way".
    |>
    |>Sorry if I seem impatient, because thats what I am atm. Most of this
    |>post could have been googled.
    |>
    |>
    |
    |
    | For a clever person thats a bit of a stupid response. The reason to ask a
    | question like "whats it for" or "is this obselete" is because it can only
    | be answered by the users.
    I didn't say it was a stupid question. I just pointed out that the
    question "What is LDAP for?" has already been answered and indexed in
    google. Nevertheless I did take time out to extrapolate a little.

    | googling for information is fine, but how do I as someone who doesn't use
    | NIS for example know whats up to date and whats not. If I wanted the
    | manual I would rust RTFM - I news post because I wanted the opinion.
    There was one question asking for an opinion - "Unix network projects
    seem to tread on each others toes ??". Understandably, I ignored that
    and graciously answered all others, albeit with a few references to
    links I found on google.

    Usenet is a very hostile place, and I'm sorry to see it so. I apologise
    if I have been seen to have perpetuated the situation. Btw, which part
    of my response warranted the name "stupid"? I do admit that
    |> Network filesystems aren't statically mounted anymore. google
    |> automount for info. Its been around for quite a while now (couple of
    |> years).
    might have seemed hostile and I do apologise for that. I didn't mean it
    that way. Allow me to rephrase:
    |> Network filesystems in linux now have a dynamic mounter called
    |> automount, and is now quite thoroughly tested. Please google
    |> automount for more info.

    Lets all get along, eh?

    - --
    Ben M.

    - ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harrasment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
    - ----------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFADBuCkY9EF6QEdTkRAn29AKDFOWldTVoN2khsbyAZ3R IeoJwbTwCePxyj
    5Ia1Gmqx2uj1jRO7Rvsd8e4=
    =wL6s
    -----END PGP SIGNATURE-----


  12. Re: Propagating password across a linux farm

    On Mon, 19 Jan 2004 18:01:38 +0000, Ben Measures wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > root wrote:
    > | On Mon, 19 Jan 2004 16:23:13 +0000, Ben Measures wrote: | |
    > |>-----BEGIN PGP SIGNED MESSAGE-----
    > |>Hash: SHA1
    > |>
    > |>root wrote:
    > |>| On Sun, 18 Jan 2004 13:44:21 +0000, Ben Measures wrote: |>| |>|
    > |>|>-----BEGIN PGP SIGNED MESSAGE----- |>|>Hash: SHA1 |>|> |>|>root
    > wrote:
    > |>|>| On Sat, 17 Jan 2004 17:17:30 +0000, Ben Measures wrote:
    > |>|>|>Perhaps you should look at ldap to manage password authentication.
    > |>[snip]
    > |>|>
    > |>|>OpenLDAP is a directory server. LDAP stands for Lightweight
    > Directory |>|>Access Protocol.
    > |>|>
    > |>|>It is big on security, so much so that you can securely setup
    > clients to |>|>authenticate users not with the local password database
    > (/etc/passwd) |>|>but with the "database" or directory stored on the
    > trusted LDAP server. |>|>
    > |>|>In simpler terms, the client computers let the LDAP server check
    > wether |>|>the username/password is correct. (So you only need to manage
    > the |>|>username/passwords on the one computer, the LDAP server.) |>|>
    > |>|
    > |>[snip]
    > |>| Unix network projects seem to tread on each others toes ?? For
    > example if
    > |>| you authenticate with LDAP I guess you can get a home directory
    > etc.... in
    > |>| the M/Soft world that would be a "domain controller" - but hang on
    > isn't |>| the unix domain controller NIS ... or this is LDAP intended as
    > a |>| replacement for NIS?
    > |>
    > |>Not really. It was designed with more in mind. It just happens to be
    > |>good at authentication. LDAP can do so much more, like provide a
    > |>directory of email address for your email client, to name just one. |>
    > |>For more on LDAP and authentication, see
    > |>http://www.mandrakesecure.net/en/docs/ldap-auth.php |>To get this link
    > I googled ldap authentication. Came 3rd.
    > |>http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html |>came
    > 5th. C'mon, to google is good. |>
    > |>|
    > |>| Also in windows at the client can "mount" the network volume |>| for
    > the user, in unix file systems are statically mounted... doest this |>|
    > make things a bit clunky for large distributed networks or is what i'm
    > |>| reading out of date for linux ?
    > |>Network filesystems aren't statically mounted anymore. google
    > automount |>for info. Its been around for quite a while now (couple of
    > years). |>
    > |>There is also a great "alternative" to traditional network mounts,
    > |>Intermezzo. Its a true distributed filesystem, has many great
    > features, |>with few of the disadvantages of traditional shares. |> |>As
    > a side note, you might want to have a look at
    > |>http://www.catb.org/~esr/faqs/smart-questions.html if you want
    > |>answers/non-impatient answers to your questions. I've decided only
    > today |>that I don't have the time to answer questions from people who
    > haven't |>read "How To Ask Questions The Smart Way". |> |>Sorry if I
    > seem impatient, because thats what I am atm. Most of this |>post could
    > have been googled.
    > |>
    > |>
    > |
    > |
    > | For a clever person thats a bit of a stupid response. The reason to
    > ask a | question like "whats it for" or "is this obselete" is because it
    > can only | be answered by the users.
    > I didn't say it was a stupid question. I just pointed out that the
    > question "What is LDAP for?" has already been answered and indexed in
    > google. Nevertheless I did take time out to extrapolate a little.
    >
    > | googling for information is fine, but how do I as someone who doesn't
    > use | NIS for example know whats up to date and whats not. If I wanted
    > the | manual I would rust RTFM - I news post because I wanted the
    > opinion. There was one question asking for an opinion - "Unix network
    > projects seem to tread on each others toes ??". Understandably, I
    > ignored that and graciously answered all others, albeit with a few
    > references to links I found on google.
    >
    > Usenet is a very hostile place, and I'm sorry to see it so. I apologise
    > if I have been seen to have perpetuated the situation. Btw, which part
    > of my response warranted the name "stupid"? I do admit that |> Network
    > filesystems aren't statically mounted anymore. google |> automount for
    > info. Its been around for quite a while now (couple of |> years). might
    > have seemed hostile and I do apologise for that. I didn't mean it that
    > way. Allow me to rephrase:
    > |> Network filesystems in linux now have a dynamic mounter called |>
    > automount, and is now quite thoroughly tested. Please google |>
    > automount for more info.
    >
    > Lets all get along, eh?
    >

    Sorry to be so blunt !

    I wasn't after a fight. I was just trying to point out that I can read
    as well as drive google..... that I am not simply lazy - and judging by
    the other responses in this thread also not the only one confused.

    As for stupid - pointing me at a URL called "smart questions" and telling
    me to google was a stupid answer to an opinion question. Until google has
    a "whats the best tool for job X" search criteria all it will do is point
    the lost at a sea of mess. Questions like "what is linux" is a google type
    question ... however questions like "whats the best tool for domain
    authentication with linux" is not. Perhaps stupid was an emotive term, if
    you look carefully I didn't call you stupid, just the statement :-) I will
    try more tact next time. I lack social skills and tact so I might make
    sysadmin yet :-D

    http://www.google.com/search?hl=en&i...=Google+Search

    What you get are a large number of pages about PHP !

    LDAP is a project thats documented like somebody trying to explain a car
    by the components, before saying its a means of transport and people go
    places in it ! Its so hung up on all its exciting possibilities it leaves
    people looking at it for first time unsure what its focus is.

    The explanations in this thread have been very useful.

    The problem I have is the same problem most linux newbies have. When
    trying to solve a problem, say domains for example its very difficult to
    know what the best/current practice is.

    In the mono windows world you typically have one tool - NT Domain
    controller for example. With linux it seems to have no standard setup for
    situations like this......

    You start with a linux distribution then configure an Authentication
    system, then a network system, then you claim an automounter - though I
    have only seen this used for disks/cds not network mounts, but my
    experience is minimal....

    From my point of view (as an ex NT person) Linux does seem to have network
    tools that tread on each others toes... its just an observation. Its not
    one tool/configuration for one job its four tools for any given job -
    often with all 4 <100% good ! Life would be simpler if linux has one tool
    clear in purpose and design, that was 100% good - no decisions to make, no
    traps for inexperienced, thats how Microsoft sell... dumb=simple=sells ;-)

    I could authenticate with a replicated passwd file, or LDAP or
    radius or even SSL. Then the user could get a home directory on NFS or
    SMB or one of the many (not well supported) cluster filesystems (about
    time the kernel had one of these and called it the standard ?).

    Nobody in the commercial world wants to build large systems using tools
    that die or don't work well, so its difficult know which horse to back for
    any solution.

    Some things like web server are an easy choice, its apache ! But network
    what do you back ? NFS ... linux still seems to have nasty NFS. I'm using
    Redhat 9 with latest updates, still doesn't fantastically well :-(

    News will always offer users the chance to say "what are you using" and
    "what works well" - google and the manual pages will never tell me that.



  13. Re: Propagating password across a linux farm

    On Sun, 18 Jan 2004 00:54:30 -0800, ynotssor wrote:

    > "root" quoted and wrote in message
    > newsan.2004.01.18.08.44.02.728333@home.com
    >
    >>> http://www.openldap.org/

    >>
    >> Am I the only person to look at this and say "what does it do ?" and
    >> "whats it for ?"
    >>
    >> The descriptions are clever, but I still don't understand what its
    >> for !!!!
    >>
    >> Is it a domain controller ? A Filesystem ? A database ? A
    >> replacement for DNS ?????

    >
    > http://www.tldp.org/HOWTO/LDAP-HOWTO/ answers all your questions.
    >


    No it doesn't - I read introduction from this before I posted, my question
    was more a "WHATFOR" than a "HOWTO".

    This HOWTO explains setup for people who know already know what its for or
    why they want to use it.

    Its been answered now.

    Cheers,
    Jon



  14. Re: Propagating password across a linux farm

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    root wrote:
    | Questions like "what is linux" is a google type question ... however
    | questions like "whats the best tool for domain authentication with
    | linux" is not.

    I'm sorry, I didn't get that you were trying to ask that kinda question.
    Glad we got that cleared up (reasonably) amicably. As to the best for
    network authentication, I've heard great things about Kerberos
    http://web.mit.edu/kerberos/www/ . Windows doesn't have support for it tho.

    | In the mono windows world you typically have one tool - NT Domain
    | controller for example. With linux it seems to have no standard setup for
    | situations like this......
    |
    | From my point of view (as an ex NT person) Linux does seem to have network
    | tools that tread on each others toes... its just an observation.

    I'll try to explain my view of why this is.

    Linux is based on "free software". In this case, people write the
    software because they have a need, and the software provides a solution.
    If a somebody feels a certain "solution" doesn't fit their need, they
    modify it, or come up with another that does.

    So there will never be a "standard" solution. At best you'll get a
    program that happens to fit with most people's needs, at that point in
    time. As soon as people need something different, some other program
    will become king. Survival of the fittest.

    Conversely, with WindowsNT being like a complete distribution now
    (rather than "just" an operating system), you get a couple of disks to
    load onto your computer, and these basically do what most people what
    their computers to do.

    The plus side is that you get one program to do one job. The downside
    is, you get one program to do one job - if your job has special
    requirements, then damn them.

    | Its not one tool/configuration for one job its four tools for any
    | given job - often with all 4 <100% good !

    Oooo, thats blasphemous! Seriously tho, Linux tools are considered to do
    their particular job *much* better than their Windows counterparts.

    | Life would be simpler if linux has one tool clear in purpose and
    | design, that was 100% good - no decisions to make, no traps for
    | inexperienced, thats how Microsoft sell... dumb=simple=sells ;-)

    I'll have to disagree with you here. Most of the tools used in Linux
    (now) have good documentation, albeit a little verbose. For reasons
    explained above, these tools also have a very particular purpose (even
    if its something like a "general-purpose database"). And their stablity
    is second to none (my definition of "good" is how infrequently it
    chrashes/breaks).

    On the otherhand, there are many traps for the inexperienced. With so
    much choice, something will go wrong if you make the wrong one. With
    Windows, you can only try one program to solve your problem.

    Flexibility (usually) comes at the cost of fewer choices. You can't have
    both. Its just that the "Linux world" chose to make more choices and get
    more flexibility.

    | I could authenticate with a replicated passwd file, or LDAP or
    | radius or even SSL. Then the user could get a home directory on NFS or
    | SMB or one of the many (not well supported) cluster filesystems (about
    | time the kernel had one of these and called it the standard ?).

    Again I must express my disagreement and say that all of the filesystems
    in the kernel.org kernel have good support and are well maintained.
    Secondly none of these will become the "standard" thing to use because
    flexibility is good, and by inference so is choice. You will always be
    able to choose between many implementations as long as they're around.

    | Nobody in the commercial world wants to build large systems using tools
    | that die or don't work well, so its difficult know which horse to back for
    | any solution.

    Thats why the companies like Red Hat and IBM do so well with selling
    Linux-based solutions. The commercial world gives IBM their problem and
    IBM make the necessary choices to fit their solution. The reason that
    the commercial world is choosing Unix/Linux more (for mission critical
    work) is simply because of the flexibility (and extreme stability) it
    offers. (Windows *desktops* still pervade the commercial world for the
    simple reason that they teach it at school! Barefaced cheek!!!
    Government sponsored monopoly, thats what it is, not bloody IT... but
    thats another story, hehe)

    | Some things like web server are an easy choice, its apache ! But network
    | what do you back ? NFS ... linux still seems to have nasty NFS.

    Do whats right for you. I know that sounds stupid, but thats what it
    comes down to. If you don't know whats the best tool for your job, pick
    one. If it doesn't fit, try another. Research is very important, but
    there comes a time to jump in and swim.

    Of course if you don't have the time for research and trying of
    solutions, you can always leave the choices up to Microsoft. However,
    you will then have to make sure your problem fits the solution instead
    of the other way around, and this is a pain to administer if your
    problem is sufficiently different.

    (Whilst were talking about it, there are plenty of other choices for
    http webservers, for all the different needs.)

    | News will always offer users the chance to say "what are you using" and
    | "what works well" - google and the manual pages will never tell me that.

    Usenet is great for those sort of questions, as long as you ask well and
    are lucky enough to find patient people.

    Man pages will never and should never tell any info other than for
    program it supports.

    Google, on the otherhand, can be used for general opinion. More likely,
    you will find more documentation and support for the programs most used.
    Squeezing google is a very good skill to have in the vastness of the
    internet. I praise the Google. Hommmm

    Then again, it was Usenet that gave you this answer...

    - --
    Ben M.

    - ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harrasment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battlUntitled 1e at http://swpat.ffii.org/
    - ----------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFADHvHkY9EF6QEdTkRAqe0AJ9o6IM/A4POymioNqeC/aDYO1O3VgCeKR6p
    kyFDK6wZXCq1qkRm/c+KXGI=
    =GXh8
    -----END PGP SIGNATURE-----


  15. Re: Propagating password across a linux farm

    "Ben Measures" wrote in message
    news:TEUOb.1456$LU2.1035@news-binary.blueyonder.co.uk...
    >
    > George Elkins wrote:
    > |
    > | Can someone point out advantages or disadvantages of LDAP versus NIS?
    > Google can. searching for ldap authentication gave
    > http://www.tldp.org/HOWTO/LDAP-Imple...TO/pamnss.html
    >


    That helps. Thanks.

    George Elkins




+ Reply to Thread