Hi all,

I am setting up a pair of OpenBSD jump boxes, to be a pair of bastion hosts of a large network. I would like to have a primary and backup, with the same set of users on each one. I do not want to use YP or any other form of authentication server, because part of the use case for these machines is that they are the jumping off point for fixing everything else when things are broken.

I am aware that OpenBSD goes to some length to ensure the integrity of the files /etc/passwd, master.passwd, group et al, providing various utilities to manipulate them and even vipw for those rare occasions when you want to edit the raw files, so I am very reluctant to just rsync files from the primary to the backup, bypassing these protections.

Is there a clean way to do this sort of user synchronisation? I can write a script which will run useradd (or userdel etc) on one machine and then the other, but if there is a "correct" way to do such a thing, I would rather do that than reinvent the wheel.

Cheers,
Dave W