
HACMP Password Sync -automate it?

Status
Not open for further replies.

baggetta

Technical User
Feb 27, 2003
116
US
I have a HACMP configuration of "mutual takeover cascading". In other words, 2 physical servers, sharing hard drives. When one server fails (i.e. motherboard) it shuts down, and moves its resources over to the other server.

Anyways, when I have to create a user, I use "smit HACMP" and the script looks something like this:
x() {
    /usr/es/sbin/cluster/cspoc/fix_args nop cl_chpasswd -cspoc -f -k $*
    if [ $? -ne 0 ]
    then
        exit 1
    fi
}
x username-goes-here

Scenario:
I create the user with a default password of "password". The local node(1) and other node(2) /etc/security/passwd files are the same at this point. When the user logs in for the first time on Node(1) it will force the user to change their password. Node(2) will not get updated with the new password. This is the problem. How do I make the other Node(2) have the same new password as Node(1)? And on day-to-day operations, if a user forgets their password, and I need to reset it, I would like both nodes to have the same password in the /etc/security/passwd file. Does anyone have any suggestions other than using a NIM server to do this?
 
You could use rsync in a cron job every five minutes or so to keep the two passwd files synchronised?

Annihilannic.
 
I can't copy the password files from one node to the other. In an HACMP cascading env., users use 1 server for one type of business, the other server is something else. It's too hard to explain in an email, bottom line, both nodes 1,2 have separate passwd files and I cannot sync these.

What I need to do is find out if someone has the source code to passwd command so I can remotely execute it for node 2 when the user is changing their password on node 1.
 
How will you be able to change the password of a user on the other node if that user isn't in the passwd file?

Why not have all users in both passwd files and just keep them synchronised?

Annihilannic.
 
Annihilannic - without going into detail, in an HACMP env. such as ours, the usernames do get created on both servers regardless of where I create them. (see my first email script that HACMP uses to do this) I can't sync both passwd files because some users do not use the other server and it is needed only when HACMP kicks in. And since our installation, this would be impossible now because on the other server, the user's password has not been set when I created the user, this is why I need to either ask the user 2 times for their password, one time for node 1, then ask again on node 2. It would be nice if I could get the user's password they entered, save it, then call "passwd" command on the other node and pass their password to this command so it's not intrusive to AIX. I don't want to start editing the /etc/security/passwd file, I hear this is not a good solution.
 
In that case you will probably need to create a wrapper script and either replace the /usr/bin/passwd binary, train your users to use a different command to change their password, or put another passwd script in the PATH before /usr/bin.

As marsd said, the ideal language to write the script in would be Expect because passwd doesn't read from standard input.

Annihilannic.
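
An added example, not code from any poster in this thread: instead of an Expect wrapper that handles the cleartext password, this sketch reads one user's hash from the local /etc/security/passwd stanza and applies it on the peer node, leaving every other entry in the peer's file alone. Assumptions: the peer's chpasswd accepts pre-hashed input with -e and clears ADMCHG with -c, both nodes use the same password hash algorithm, root can run commands on the peer over ssh, and the function names and REMOTE_SH variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread); stanza layout follows /etc/security/passwd.
# Print "user:hash" for one user; file "-" means stdin.
# Exit status 1 if the user is missing or has no usable hash ("*" or empty).
get_user_hash() {
    awk -v user="$1" '
        /^[^ \t#].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); cur = $0; next }
        cur == (user "") && $1 == "password" && $2 == "=" { hash = $3 }
        END {
            if (hash == "" || hash == "*") exit 1
            print user ":" hash
        }' "${2:-/etc/security/passwd}"
}

# Send the hash to the peer on stdin, so no cleartext password is captured
# and nothing secret appears in a process argument list.
# REMOTE_SH (hypothetical) lets the transport be swapped; ssh is an assumption.
sync_user_password() {
    user=$1 peer=$2 file=${3:-/etc/security/passwd}
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    line=$(get_user_hash "$user" "$file") || {
        echo "no password hash for $user" >&2; return 1; }
    printf '%s\n' "$line" | ${REMOTE_SH:-ssh} "$peer" /usr/bin/chpasswd -e -c
}

# Constructed sample stanzas (the hashes are placeholders, not real ones).
sample_stanzas() {
    cat <<'EOF'
root:
        password = Xq3.constructedAA
        lastupdate = 1046304000

jdoe:
        password = ab9.constructedBB
        lastupdate = 1046390400
        flags = ADMCHG

newuser:
        password = *
EOF
}

sample_stanzas | get_user_hash jdoe -    # prints jdoe:ab9.constructedBB
```

On a real node this would be called as root, for example `sync_user_password jdoe node2` after a reset or from whatever wrapper runs once passwd has succeeded.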
 