One user database for multiple systems - how?

Dan Egli ddavidegli at gmail.com
Wed May 6 03:18:28 MDT 2015


On Monday, May 4, 2015, Lonnie Olsen wrote:

> NIS+ has been deprecated for reasons of security. LDAP (and
> occasionally Kerberos) are the new standard.

*shudder* Maybe I'll just stick with my method. It may be kludgy, but it's
a HELL of a lot easier to implement than any LDAP lookup sequence I ever
saw. Call it a mental block or a paradigm shift, but I've seen some LDAP
queries, and setting them up with all the proper sections just makes me
shudder thinking about it. I've already scripted a multi-machine setup
method. It's ugly and kludgy, I freely admit. But to me it makes a _HELL_
of a lot more sense than LDAP ever COULD. I'm sure people will disagree
with me, but the idea of setting up OpenLDAP to accept queries looking like
"dn=this,ou=that,ou=other" and having to keep track of this, that, and the
other honestly just SCARES me. LDAP is for people who are absolutely expert
and can understand it. I have a very hard time understanding it.

I'll probably look at freeipa, just out of curiosity, but I don't foresee
implementing that. Especially not on such a small project (six machines
plus a server). That simplistic alternative is basically what I already do,
although not quite that simply (I may have to go that route). As it stands
now, I run a "newuser" script and it calls useradd on the NFS root, then
executes a call to the server and a script on the server handles the tasks
on the server (like calling useradd on the server and setting a quota on
the NFS partition).

Thanks for the tips.
--- Dan

On Mon, May 4, 2015 at 7:32 AM, Lonnie Olson <lists at kittypee.com> wrote:

> On Mon, May 4, 2015 at 4:50 AM, Dan Egli <ddavidegli at gmail.com> wrote:
> > I was thinking I might just go for NIS+ or something, but I have
> > absolutely NO idea how to set anything like that up.
>
> NIS+ has been deprecated for reasons of security.  LDAP (and
> optionally Kerberos) are the new standard.
> There are a million ways to implement them, but the easiest and most
> feature-complete one I have found is using FreeIPA
> (http://www.freeipa.org).
>
> There is a more simplistic alternative.  Automate a process to copy
> files (passwd, shadow, hosts, etc.) to all machines involved.  This can be
> done via basic scripting, or a config management tool (puppet, chef,
> ansible, cfengine, etc).
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
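The file-distribution approach Lonnie suggests, as an added example that is not part of the thread and not anyone's production script: a small POSIX shell script that validates a passwd/shadow pair before any machine is touched, then installs the files atomically with the expected modes. The "fleet" is simulated as directories under a temp dir, and the host names and account records are constructed for the example; a real deployment would copy the files over scp and run the install step over ssh.

```shell
#!/bin/sh
# Added example (not code from the thread): push passwd/shadow to every
# machine only after both files pass sanity checks. Hosts, paths and the
# account records below are constructed; a real script would use scp/ssh.

# Reject a passwd file unless every line has 7 fields, user names and UIDs
# are unique, and root is the only UID 0 account.
check_passwd() {
    f="$1"
    awk -F: 'BEGIN { bad = 0 } NF != 7 { bad = 1 } END { exit bad }' "$f" || return 1
    [ -z "$(cut -d: -f1 "$f" | sort | uniq -d)" ] || return 1
    [ -z "$(cut -d: -f3 "$f" | sort | uniq -d)" ] || return 1
    [ "$(awk -F: '$3 == 0 { print $1 }' "$f")" = "root" ] || return 1
}

# Reject a shadow file unless every line has 9 fields, every passwd user has
# an entry, and no entry has an empty password field (an empty field means
# "no password required", which is exactly the kind of hand-edit a push
# script must not replicate to every host).
check_shadow() {
    pw="$1"; shf="$2"
    awk -F: 'BEGIN { bad = 0 } NF != 9 || $2 == "" { bad = 1 } END { exit bad }' "$shf" || return 1
    for u in $(cut -d: -f1 "$pw"); do
        grep -q "^$u:" "$shf" || return 1
    done
}

# Install src at dst with the given mode: write a temp file next to the
# target, set the mode, then rename, so a reader never sees a partial file.
install_atomic() {
    src="$1"; dst="$2"; mode="$3"
    tmp="$dst.tmp.$$"
    cp "$src" "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"
}

# Push the pair to every host root under $3. Nothing is written anywhere
# unless both files validate; passwd goes in 0644, shadow 0600 (use 0640
# root:shadow on distributions that read it through the shadow group).
distribute() {
    pw="$1"; shf="$2"; fleet="$3"
    check_passwd "$pw" || { echo "refusing push: $pw failed validation" >&2; return 1; }
    check_shadow "$pw" "$shf" || { echo "refusing push: $shf failed validation" >&2; return 1; }
    for hostdir in "$fleet"/*; do
        mkdir -p "$hostdir/etc"
        install_atomic "$pw" "$hostdir/etc/passwd" 644 || return 1
        install_atomic "$shf" "$hostdir/etc/shadow" 600 || return 1
    done
}

# Build a constructed three-host fleet plus good and bad input files in a
# temp dir, and print that dir's path.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/fleet/node1" "$d/fleet/node2" "$d/fleet/node3"
    printf 'root:x:0:0:root:/root:/bin/sh\ndan:x:1000:1000:Dan:/home/dan:/bin/sh\n' > "$d/passwd.good"
    printf 'root:*:16800:0:99999:7:::\ndan:$6$constructedhash$abc:16800:0:99999:7:::\n' > "$d/shadow.good"
    # bad passwd: a second UID 0 account (a typo or a tampered file)
    cp "$d/passwd.good" "$d/passwd.bad"
    printf 'toor:x:0:0:second root:/root:/bin/sh\n' >> "$d/passwd.bad"
    # bad shadow: dan's password field left empty
    printf 'root:*:16800:0:99999:7:::\ndan::16800:0:99999:7:::\n' > "$d/shadow.bad"
    echo "$d"
}

# Stand-alone run: push the good pair, then show the bad pair being refused.
demo_dir=$(make_demo)
distribute "$demo_dir/passwd.good" "$demo_dir/shadow.good" "$demo_dir/fleet" \
    && echo "pushed to: $(ls "$demo_dir/fleet" | tr '\n' ' ')"
distribute "$demo_dir/passwd.bad" "$demo_dir/shadow.good" "$demo_dir/fleet" 2>/dev/null \
    || echo "bad passwd refused, hosts unchanged"
```

The design point worth keeping even if the rest is rewritten: validate once, before touching any host, and install by rename. Copying line by line into `/etc/shadow` on each machine means a failed or half-finished push can lock everyone out of some hosts while leaving others on the old file, and a file that passed nothing (duplicate UID 0, empty password field) is replicated to the whole fleet at once.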

