Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
HACMP and passwords
- Thread starter madra
- Start date
man chpasswd
Regards,
Khalid
Regards,
Khalid
You can use HACMP utilities for user creation and password changing to keep accounts synced...
you can switch password utility from "Original AIX system command" (passwd) to "Cluster Password Utility" in:
smitty cl_modpasswdutil
When it is enabled for ALL, and user changes his password on a cluster node, the password is updated on all cluster nodes.
you can switch password utility from "Original AIX system command" (passwd) to "Cluster Password Utility" in:
smitty cl_modpasswdutil
When it is enabled for ALL, and user changes his password on a cluster node, the password is updated on all cluster nodes.
What happens if one node is out of the cluster when a user updates his or her password? Does syncing occur automatically when the node joins?
Right now I ask all cluster users with access to a shell (only a couple hundred) to change their password on the node that I designated as primary. I then copy passwords over to the other nodes ever couple of hours. It's a pretty ugly approach but has worked for years now. Obviously I'll run into problems if the primary node is unavailable for any length of time and users start updating passwords on secondary nodes... but so far I haven't had that issue.
Right now I ask all cluster users with access to a shell (only a couple hundred) to change their password on the node that I designated as primary. I then copy passwords over to the other nodes ever couple of hours. It's a pretty ugly approach but has worked for years now. Obviously I'll run into problems if the primary node is unavailable for any length of time and users start updating passwords on secondary nodes... but so far I haven't had that issue.
I think cluster soft is not such clever and will not sync passwords after one node is back again.
Did you try IBM Tivoli Directory Server (LDAP)? I use it on clustered environment - all admin accounts are local of course but all customer accounts resides in the LDAP and are always up-to-date on all cluster nodes.
Did you try IBM Tivoli Directory Server (LDAP)? I use it on clustered environment - all admin accounts are local of course but all customer accounts resides in the LDAP and are always up-to-date on all cluster nodes.
- Thread starter
- #8
thanks for all your input
our customer has a live-live cluster which causes the complication. if it was ive-standby then we could just copy the files across either using HA's file collections or a bespoke script.
LDAP was given to them as an option but being a customer, they wanted something else.
We've tried to tell them that passwords are not consider a resource of or any part of HA but it just doesn't seem to sink in !!
thanks
our customer has a live-live cluster which causes the complication. if it was ive-standby then we could just copy the files across either using HA's file collections or a bespoke script.
LDAP was given to them as an option but being a customer, they wanted something else.
We've tried to tell them that passwords are not consider a resource of or any part of HA but it just doesn't seem to sink in !!
thanks
- Status
Similar threads
