Mike Egglestone said:
> Hi,
> Is there a debian package for syncing root passwords on multiple servers?
> If I had a 100 debian servers, and want the root passwords all be the
> same, is there a util that will sync just the root password?

It may be a bit overkill for just 1 account, but there is LDAP too, and LDAP allows you to remotely "disable" accounts as well. So even if you have the root password, the system will not allow you to authenticate. This is the same for SSH key logins. PAM will block access to the account (not even su will work).

It's useful, I think, for systems that do not get logged into often. If you have 100 servers, chances are some servers probably almost never get logged in to.

You can authenticate using SSL/TLS with LDAP as well, making the network communications more secure. That, and if some script kiddie manages to get your passwd or shadow file through whatever means, the passwords in them will be useless (provided PAM is fully configured), since most people are not quite aware of LDAP, and LDAP can be configured to not allow anonymous queries.

It's quite powerful and fun to use. You can go further by authenticating off a slave OpenLDAP server which is "read only", so modification to the db will be impossible.

I have a fairly extensive LDAP howto available here:
http://howto.aphroland.de/HOWTO/LDAP

nate