> idea. Before putting ssh in, I used to run ftp on > the password file to various > machines that I wanted to update. User home dirs > were all the same for those > machines, but ~root was individual, as was all the > os files, including passwd. > Scp could be used to distribute the file as well as > doing pwconv, thus > hopefully keeping ipspoofing (nfs or whatever) out > of the equation. yes but i dont want to copy the passwd and shadow file everytime i add a new user, > Apologies if I don't understand what you're really > trying to do. nope, you hit it right on... here is the <music please> master plan: i would have a simbolic link of the "passwd" and the "shadow" file in the /home directory, i would then export the home directory and have it exported and mounted as /home on the workstations, on the workstation /etc/passwd and /etc/shadow would link to the links in the home directory, that way i only have to update passwd once and people get to see their stuff on any machine without have to "login" to a server AND be able to use these machines resources like floppy/cdrom/sound card etc now you mentioned ipspoofin as a security risk, can i block against it? and what other concerns can you forsee? -muir ===== -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GAT GIT dpu- s:- a19 C++ UL P+ L+(++) E--- W+ N+ w(--) K? O-- M- V- PS+ PE-(--) Y-- PGP-(---) t 5+++ X R tv-- b+++ D++ DI++ G e+ h+() r- y+ UF++ ------END GEEK CODE BLOCK------ __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/