Synchroning passwd files

[synt4x]

Currently I have two servers in a load balanced setup over at a coloc. I'm looking to set them up so I really only need to manage users on one server. Obviously one really basic way to keep the servers in sync would be to just cron an rsync job for /etc/{passwd,shadow,group,gshadow} from the primary server to the other server. However, this strikes me as really primitive. Obviously LDAP would do the trick, but given the size of the situation (one other server) and the huge pain in the ass involved in setting up the LDAP servers and then PAM to use the LDAP (I tried this a few years ago and it sure as hell wasn't intuitive back then)... Well, it seems like overkill (and even more packages on the system to eventually become vulnerable). Does anyone have any suggestions or solutions for this sort of situation that's easy to setup, but that will give you the advantages of instant replication?

[timeBandit]

NIS (Network Information Service, formerly Yellow Pages or yp) was designed for exactly this purpose. It's basically in-built to Linux and UNIX so it should be less hassle than LDAP...but perhaps only fractionally so. You'd need the net-nds/ypserv, net-nds/ypbind and net-nds/yp-tools packages, and a fair bit of reading from the Linux NIS Server home page. O'Reilly has an entire book on the subject: Managing NFS and NIS.

Any approach based on file-replication (like rsync) carries a slight risk of corruption from contention. The passwd and group files really should only be edited by vipw/vigr, which manage exclusive locks on the files.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.