Internet Account Replication (IAR): Internet Account Replication (IAR)

Description

Internet Account Replication (IAR) replicates POSIX user credentials between hosts. It is like NIS, but it:

Is really easy to use — it practically works out of the box;
Works over the Internet — it is compatible with regular firewalls; and,
Uses SSH to encrypt the data-flow

It utilizes GNU nsswitch.conf (in glibc) for integration, so it works on all modern Linux distros. (Installation is automatic, so no knowledge of nsswitch.conf necessary.)

GNU GPL 3 licensed.

Downloads: Via SourceForge
Instruction Manual: Here
Support: Here
SourceForge Project Page: Here

News

Mar 16, 2016 - Update

The script contains a bug which sets the permissions too tight for "/var/lib/iar/client" on clients and slave servers. To correct, after setup run:

$ chmod o+rx /var/lib/iar/client

The source tree is now also available in this public fossil repo. In the next several days, pending improvements will start to be committed including:

Fix for the bug described above.
Message text and formatting improvements.
Removal of the requirement for NixHash on non-apt (.deb) servers. This will benefit Redhat, Fedora, OpenSuSE, SLES, etc.
Support for the nscd credential cache. This will particularly benefit OpenSuse and SLES.
Status message improvements.

Mar 16, 2015 - Version 0.99.7 Released

Improved documentation
Bugfixes; more security, better status display, group management fix

$ iar
Internet Account Replication - IAR  ver 0.99.7 (Protocol ver 1.0.0)
Authors: Peter Fedorow, Brian Tiffin
Copyright (C) 2014, 2015 Hotel Communication Network, Inc.

This tool replicates account credentials over SSH from servers to clients.
It is designed as a simplified successor to NIS and trivial alternative to
LDAP for synchronization of POSIX account credentials.  The NSS module is
derived from the nss-extrausers module.

Almost all IAR commands require root permissions, unless marked below as
  (non-privileged).  This requirement includes "iar status"

Usage: /usr/bin/iar [-h|--help] | COMMAND

Commands:
  help                     Display this help message (non-privileged)
  status                   Display program status
  client                   Invoke client mode
  client-dynamicpolling    Dynamically decide if now is a resource efficient time to run the client
  server                   Invoke server mode for testing - "iar-server" symlink also does, but very quiet
  client-setup             Sets up system to autorun client via cron/init job
  server-setup             Creates account for server-mode ssh invocation
  servermode master|slave  Switches between 'master' and 'slave' mode
  approve                  Approve a client to retrieve account data from the server
  approve-subnet <subnet>  Approves all clients connecting from given subnet. Hint: Unsafe, do not use.
  adduser <username>       Replicated user-account: create a user
  deluser <username>       Replicated user-account: delete a user
  passwd <username>        Replicated user-account: change a user's password
  lock <username>          Replicated user-account: lock / disable password and keypair login for an account
  unlock <username>        Replicated user-account: unlock / reverses lock for an account
  lockpasswd <username>    Replicated user-account: lock / disable password login for an account
  unlockpasswd <username>  Replicated user-account: unlock / enable password login for an account
  addgroup <groupname>     Replicated user-account: create a group
  delgroup <groupname>     Replicated user-account: delete a group
  remove                   Uninstall server and client, logs and configuration remain
  purge                    Performs a "remove" first.  Purges all -logs- and -configuration-.  Like it was never installed.

Report IAR bugs to iar@hcn-inc.com
Internet Account Replication home page: <http://iar.sourceforge.net/>
For complete documentation, see: docs/sphinx/index.html ie. 'www-browser docs/sphinx/index.html'

Dec 19, 2014 - Version 0.99.1 Released

Added ability to whitelist subnets.
Major documentation improvements.
Implemented "servermode" command for easier switching between "master" and "slave".
Include HTML version in documentation packages.
Minor code clean-ups.
Program and packaging bug fixes.

$ sudo iar status

Using configuration "/etc/iar/iar.conf"

Status
------
Mode=Client
Last-Successful-Poll: iar:22322 on Fri Dec 19 00:53:28 EST 2014
Status: Client - Clean exit.
Running on AC.  Dynamic polling off.

Dec 5, 2014 - Version 0.98 Released

Packaging improves including software dependency fixes
Substantial documentation improvements

Dec 2, 2014 - Version 0.96 Released

Numerous bug fixes
Improved documentation
Display the client's last run status message on "status" screen.

Dec 1, 2014 - Version 0.95 Released

First SourceForge Release
Added client-setup, server-setup, remove, purge, dynamic polling
Documentation updates