Slashdot Mirror


Distributed Password Files?

mrbill asks: "I'm looking for a distributed password/group file system for a mixed network - we've got Linux, HP-UX, IRIX, and Solaris (some using shadowed password files, some not) systems here, but I need to keep the passwords on the machines synchronized to a "master" machine, *without* using NIS/NIS+. Rdist is not acceptable either, since obviously an HP-UX machine can't use a password file straight from an IRIX box, etc. Suggestions?"


  1. Kerberos by coyote-san · Score: 2

    This is exactly the type of situation Kerberos was designed to handle, and it's no coincidence that Micros~1 has based W2K security on a (suitably 'enhanced' version of) Kerberos.

    An additional benefit to Kerberos is that many open packages include Kerberos support. LPRng and PostgreSQL are two well-known examples. Work in a Kerberized environment for a while and going back to a system where every application maintains its own authentication information is painful.

    There are commercial packages available, or if you're in the US or Canada you can grab free source from MIT. If you're overseas, you can grab the KTH distribution. I know the latter is packaged in Debian 2.1.

    Finally, many people complain that Kerberos is hard to set up and use. I've never had a problem with it and I think it might be the dreaded CLI factor - the pure MIT version focuses on security, not pretty wizards. For a large installation you'll probably want to set up a primary and secondary KDC in a secure area, but even if you use dedicated hardware you should find a 386 running Linux is more than adequate.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken