passwdsyncd.cfg

Package: WA2L/edrc 1.5.57
Section: Configuration Files (4)
Updated: 04 July 2008

 

NAME

passwdsyncd.cfg - configuration file for passwdsyncd

 

SYNOPSIS

edrc/etc/passwdsyncd.cfg

 

AVAILABILITY

WA2L/edrc

 

DESCRIPTION

This is the configuration file for the passwdsyncd(1m) command.

 

FILEFORMAT

The fileformat is OPTION=VALUE

There are no spaces between the OPTION, the = and the VALUE.

Rows starting with a # are considered as comments.

You should not comment out any OPTION. If you want to use the default setting, simply do not specify a VALUE.

 

OPTIONS

START_USER
This is the user passwdsyncd has to be started with.

Example: START_USER=eroot

Default: START_USER=root

SYSTEM_TYPE
Type of system the passwdsyncd is started on. Set SYSTEM_TYPE to trusted for HP-UX Trusted system, to passwd for systems with passwords in /etc/passwd (not implemented yet) and to shadow for systems with passwords in /etc/shadow (not implemented yet). It probably won't be possible to mix system types.

Example: SYSTEM_TYPE=trusted

Default: SYSTEM_TYPE=trusted

LOG
Log output directory of passwdsyncd. If you specify a relative path name, the path is relative to the root of the WA2L/edrc installation.

Example: LOG=/var/opt/edrc/log

Default: LOG=var/log

SPOOL_DIR
Spool output base directory used to save the transferred password information. If you specify a relative path name, the path is relative to the root of the WA2L/edrc installation. In general it is not recommended to set the SPOOL_DIR within WA2L/edrc; place it in a system directory instead.

Example: SPOOL_DIR=/var/spool

Default: SPOOL_DIR=var

SYNC_HOSTLIST
Space separated list of hosts that take part in a password synchronization.

Example: SYNC_HOSTLIST="dcdbsi61 dcdbsi62 dcdbsi71"

Default: SYNC_HOSTLIST=

DYNAMIC_SYNC_EXPANSION
Expand the SYNC_HOSTLIST dynamically with hosts from which additional synchronizations have been received. If this option is set to True, dynamic expansion is enabled; if it is set to False, it is disabled.

Example: DYNAMIC_SYNC_EXPANSION=True

Default: DYNAMIC_SYNC_EXPANSION=False

LOCKOUT_SYNC
Synchronize locked users. This setting has an effect on the following system types: trusted. If LOCKOUT_SYNC is set to True, locked users are synchronized; if it is set to False, a lock of a user remains on one system and is not synchronized to other systems.

Example: LOCKOUT_SYNC=True

Default: LOCKOUT_SYNC=False

DIST_MODE
Comma separated list of modes used to distribute the password information. The supported modes are rtools, which results in the use of rcp and rsh, and OpenSSH, which results in the use of scp and ssh for distribution. If a comma separated list is provided, connection initiation is attempted in the sequence specified. The pseudo distribution mode default results in the use of the CONNECTION_MODE specified in the configuration files remote_shell.cfg and remote_copy.cfg. It is not allowed to specify default as part of a comma separated list.

Example: DIST_MODE=rtools,OpenSSH

Default: DIST_MODE=rtools

DIST_USER
User used to distribute the files in SCRIPTS_BASEDIR. The home of this user is considered as the root of the WA2L/edrc installation. See edrcsetup(1m) for information about user settings needed by WA2L/edrc.

Example: DIST_USER=edrc

Default: DIST_USER=edrc

EDRC_OWNER
Owner of the WA2L/edrc software. This is the user the EDRC environment is installed with. See edrcsetup(1m) for information about user settings needed by WA2L/edrc.

Example: EDRC_OWNER=root

Default: EDRC_OWNER=root

SYNC_INTERVAL
Synchronization interval in seconds. At the interval specified here, passwdsyncd checks whether passwords have changed since the last check. If so, a synchronization attempt to the other hosts participating in the synchronization takes place. The SYNC_INTERVAL should be set to a value such that passwords are synchronized within a "reasonable" timeframe. Because passwdsyncd is not a Master-Slave construct, the more servers participate in a synchronization, the more synchronization traffic is generated.

Example: SYNC_INTERVAL=300

Default: SYNC_INTERVAL=600

EXCLUDE_USERS
Exclude these users from synchronization.

Example: EXCLUDE_USERS=root,bin,daemon,sys,adm,uucp,lp,hpdb,sshd

Default: EXCLUDE_USERS=""

LOCKDIR
Lock directory of passwdsyncd. If you specify a relative path name, the path is relative to the root of the WA2L/edrc installation. In general it is not recommended to set the lock directory within WA2L/edrc; place it in a system directory instead.

Example: LOCKDIR=/var/run

Default: LOCKDIR=var/lock

SECRET
Synchronization secret password. This password has to be identical on all hosts which participate in a synchronization.

Example: SECRET="myT0PsecretPa55w0rd"

Default: SECRET="wBnCYP4HOb8Xw"

SECRET_LIFETIME
Lifetime of the synchronization secret (SECRET) in units of 100 seconds (example: SECRET_LIFETIME=1 equals 100 seconds). After this duration the encrypted synchronization file will not be accepted by the hosts which participate in a synchronization. To disable secret ageing, set SECRET_LIFETIME to 0.

This setting is currently partly ignored: the secret lifetime is 100 seconds regardless of the value set here, unless it is set to 0.

Example: SECRET_LIFETIME=1

Default: SECRET_LIFETIME=1

ENCRYPTION_MODE
Mode of encryption of the transferred password information. The following modes are currently supported: Enigma (simple Unix crypt; requires crypt(1) to be installed on all participating systems), AES (Advanced Encryption Standard; requires ccrypt(1) to be installed on all participating systems) and NO (no encryption; not recommended for permanent solutions, but does not need crypt(1) or ccrypt(1)).

Example: ENCRYPTION_MODE=AES

Default: ENCRYPTION_MODE=Enigma
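
The following is an added example, not part of WA2L/edrc: a small audit script that parses a passwdsyncd.cfg according to the FILEFORMAT rules above and reports settings that weaken the synchronization channel. The function names, the sample file and the "root should be excluded" policy are assumptions made for this example; the default values are copied from the OPTIONS section.

```python
# Added example, not WA2L/edrc code. Defaults are copied from the OPTIONS section.
DEFAULTS = {"DIST_MODE": "rtools", "EXCLUDE_USERS": "", "SECRET_LIFETIME": "1",
            "SECRET": "wBnCYP4HOb8Xw", "ENCRYPTION_MODE": "Enigma",
            "DYNAMIC_SYNC_EXPANSION": "False"}

def parse_cfg(text):
    """Parse OPTION=VALUE rows; '#' rows are comments, empty VALUE keeps the default."""
    cfg = dict(DEFAULTS)
    for row in text.splitlines():
        row = row.strip()
        if not row or row.startswith("#") or "=" not in row:
            continue
        option, value = row.split("=", 1)
        value = value.strip("\"'")          # values may be shell-quoted
        if value:
            cfg[option] = value
    return cfg

def audit(cfg):
    """Return (OPTION, finding) tuples for settings that weaken the sync channel."""
    out = []
    if cfg["SECRET"] == DEFAULTS["SECRET"]:
        out.append(("SECRET", "published default secret in use"))
    if cfg["ENCRYPTION_MODE"] == "NO":
        out.append(("ENCRYPTION_MODE", "password data transferred unencrypted"))
    elif cfg["ENCRYPTION_MODE"] == "Enigma":
        out.append(("ENCRYPTION_MODE", "crypt(1) Enigma is weak; AES is available"))
    if "rtools" in cfg["DIST_MODE"].split(","):
        out.append(("DIST_MODE", "rcp/rsh can be used; OpenSSH gives scp/ssh"))
    if cfg["SECRET_LIFETIME"] == "0":
        out.append(("SECRET_LIFETIME", "secret ageing disabled"))
    if cfg["DYNAMIC_SYNC_EXPANSION"] == "True":
        out.append(("DYNAMIC_SYNC_EXPANSION", "host list grows beyond SYNC_HOSTLIST"))
    # Assumed policy, following the page's EXCLUDE_USERS example: keep root local.
    if "root" not in cfg["EXCLUDE_USERS"].split(","):
        out.append(("EXCLUDE_USERS", "root is not excluded from synchronization"))
    return out

SAMPLE = """# constructed sample file, not taken from a real host
DIST_MODE=rtools,OpenSSH
EXCLUDE_USERS=bin,daemon
SECRET=
SECRET_LIFETIME=0
ENCRYPTION_MODE=NO
"""

if __name__ == "__main__":
    for option, finding in audit(parse_cfg(SAMPLE)):
        print(f"{option}: {finding}")
```

A file with an empty SECRET= row is reported the same way as one that spells out the default, because an empty VALUE selects the default.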

 

SEE ALSO

crypt(1), ccrypt(1), edrcintro(1), passwdsyncd(1m)

 

NOTES

ccrypt is distributed with WA2L/edrc.

 

BUGS

-

 

AUTHOR

passwdsyncd.cfg was developed by Christian Walther. Send suggestions and bug reports to wa2l@users.sourceforge.net.

 

COPYRIGHT

Copyright © 2008 Christian Walther

This is free software; see edrc/doc/COPYING for copying conditions. There is ABSOLUTELY NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


 
