node accounts

Tue Sep 12 09:06:49 PDT 2000

dear beowulf mailing list,

currently, when i change passwords, i have to go through this huge
rigamarole of creating a local passwd/shadow and rdisting it to all the
nodes.

needless to say, this is a huge waste of time and more complex than it ought
to be.

i was thinking of using NIS on the nodes.  the NIS HOWTO mentions that using
NIS with shadow is a big security risk since you lose the security of shadow
passwords.  however, we're not too concerned with security among the nodes
because the front end acts as a firewall:

                         /
  --net---- front end ----  nodes
                         \

and we've gotten rid of telnetd/ftpd/httpd on the front end, and implemented
very restrictive tcp wrappers.  basically, only a few selected hosts are
allowed to do anything with the front end.   we only use ssh to go in/out to
the front end.

so here are my questions:
1- how do other beowulf admins manage accounts on nodes?   do other people
   use NIS?  is there an alternative?
2- using NIS, can i share other useful files like /etc/group or the lamhosts
   file?

this is on a beowulf on x86 architecture running linux.

thanks!
pete