On Fri, Nov 28, 2008 at 04:41:31AM -0500, Virchanza wrote:
> >
> > As a (bad) alternative to the LDAP idea, you could just propagate
> > /etc/passwd and /etc/shadow via your favourite file transfer program to
> > all the client machines as and when you update the master copies on the
> > server.
>
>
> Could I just keep these on the server PC and mount them into the local
> PC's file system before login? Perhaps I could replace these files with
> symbolic links?

IIRC the symbolic links do not work for those files. Programs that access
those files will replace the link with a real file.

> >
> > if a user
> > wants to change their password, it would only be changed on the machine
> > that they typed the new password on.
>
>
> I could make the "shadow" file read-only so that they can't change their
> password, plus I'll remove execute permissions for "passwd". If they try
> to change their password manually by themselves, they'll get an error
> because they won't have write privileges to "shadow".
>
> In order to change their password, they run a script that sends a
> request to my server PC to change their password. (I could even save
> this script as "passwd").

Too much complexity. This problem is already solved. NSS + ldap is the
standard solution for shared accounts.

BAJ
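Added example, not part of the original message: a Python demonstration of how a symlinked account file can end up replaced by a real local file, assuming the program updating it uses the common write-temporary-then-rename pattern (the message does not say which mechanism is involved). The file names and the sample entry are constructed, and everything runs in a temporary directory rather than against the real /etc/passwd.

```python
import os
import tempfile


def update_by_rename(path, content):
    """Write-temp-then-rename, the usual pattern for atomic file updates."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(content)
    os.replace(tmp, path)  # rename(2) acts on the link itself, not its target


def update_in_place(path, content):
    """Open and truncate: open(2) follows the symlink to its target."""
    with open(path, "w") as f:
        f.write(content)


def run(update):
    """Apply one update strategy to a symlinked account file and report the result."""
    with tempfile.TemporaryDirectory() as root:
        master = os.path.join(root, "server_passwd")  # stands in for the mounted master copy
        local = os.path.join(root, "passwd")          # stands in for the local /etc/passwd
        with open(master, "w") as f:
            f.write("alice:x:1000:1000::/home/alice:/bin/sh\n")  # constructed sample entry
        os.symlink(master, local)

        update(local, "alice:x:1000:1000::/home/alice:/bin/bash\n")

        with open(master) as f:
            master_changed = f.read().endswith("/bin/bash\n")
        return {"still_symlink": os.path.islink(local), "master_changed": master_changed}


if __name__ == "__main__":
    print("rename  :", run(update_by_rename))
    print("in place:", run(update_in_place))
```

After the rename-style update the local path is a regular file and the master copy is untouched, so the client silently diverges from the server; checking `os.path.islink()` on the account files is a quick way to detect that state.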