Internet Account Replication (IAR)
Not logged in


Internet Account Replication (IAR) replicates POSIX user credentials between hosts. It is like NIS, but it:

It utilizes GNU nsswitch.conf (in glibc) for integration, so it works on all modern Linux distros. (Installation is automatic, so no knowledge of nsswitch.conf necessary.)

GNU GPL 3 licensed.

Downloads: Via SourceForge
Instruction Manual: Here
Support: Here
SourceForge Project Page: Here


Mar 16, 2016 - Update

The script contains a bug which sets the permissions too tight for "/var/lib/iar/client" on clients and slave servers. To correct, after setup run:

$ chmod o+rx /var/lib/iar/client

The source tree is now also available in this public fossil repo. In the next several days, pending improvements will start to be committed including:

Mar 16, 2015 - Version 0.99.7 Released

$ iar
Internet Account Replication - IAR  ver 0.99.7 (Protocol ver 1.0.0)
Authors: Peter Fedorow, Brian Tiffin
Copyright (C) 2014, 2015 Hotel Communication Network, Inc.

This tool replicates account credentials over SSH from servers to clients.
It is designed as a simplified successor to NIS and trivial alternative to
LDAP for synchronization of POSIX account credentials.  The NSS module is
derived from the nss-extrausers module.

Almost all IAR commands require root permissions, unless marked below as
  (non-privileged).  This requirement includes "iar status"

Usage: /usr/bin/iar [-h|--help] | COMMAND

  help                     Display this help message (non-privileged)
  status                   Display program status
  client                   Invoke client mode
  client-dynamicpolling    Dynamically decide if now is a resource efficient time to run the client
  server                   Invoke server mode for testing - "iar-server" symlink also does, but very quiet
  client-setup             Sets up system to autorun client via cron/init job
  server-setup             Creates account for server-mode ssh invocation
  servermode master|slave  Switches between 'master' and 'slave' mode
  approve                  Approve a client to retrieve account data from the server
  approve-subnet <subnet>  Approves all clients connecting from given subnet. Hint: Unsafe, do not use.
  adduser <username>       Replicated user-account: create a user
  deluser <username>       Replicated user-account: delete a user
  passwd <username>        Replicated user-account: change a user's password
  lock <username>          Replicated user-account: lock / disable password and keypair login for an account
  unlock <username>        Replicated user-account: unlock / reverses lock for an account
  lockpasswd <username>    Replicated user-account: lock / disable password login for an account
  unlockpasswd <username>  Replicated user-account: unlock / enable password login for an account
  addgroup <groupname>     Replicated user-account: create a group
  delgroup <groupname>     Replicated user-account: delete a group
  remove                   Uninstall server and client, logs and configuration remain
  purge                    Performs a "remove" first.  Purges all -logs- and -configuration-.  Like it was never installed.

Report IAR bugs to
Internet Account Replication home page: <>
For complete documentation, see: docs/sphinx/index.html ie. 'www-browser docs/sphinx/index.html'

Dec 19, 2014 - Version 0.99.1 Released

$ sudo iar status

Using configuration "/etc/iar/iar.conf"

Last-Successful-Poll: iar:22322 on Fri Dec 19 00:53:28 EST 2014
Status: Client - Clean exit.
Running on AC.  Dynamic polling off.

Dec 5, 2014 - Version 0.98 Released

Dec 2, 2014 - Version 0.96 Released

Dec 1, 2014 - Version 0.95 Released