One user database for multiple systems - how?
herlo1 at gmail.com
Wed May 6 10:48:15 MDT 2015
Have none of you heard about FreeIPA? I did a presentation at PLUG about 6
months ago. Here's the OpenWest presentation from last year -
https://www.youtube.com/watch?v=Pjh6o6UbQ48. It's what you want!
On Wed, May 6, 2015 at 3:18 AM, Dan Egli <ddavidegli at gmail.com> wrote:
> On Monday, May 4, 2015, Lonnie Olson wrote:
> > NIS+ has been deprecated for reasons of security. LDAP (and
> > occasionally Kerberos) are the new standard.
> *shudder* Maybe I'll just stick with my method. It may be kludgy, but it's
> a HELL of a lot easier to implement than any LDAP lookup sequence I ever
> saw. Call it a mental block or a paradigm shift, but I've seen some LDAP
> queries, and setting them up with all the proper sections just makes me
> shudder thinking about it. I've already scripted a multi-machine setup
> method. It's ugly and kludgy, I freely admit. But to me it makes a _HELL_
> of a lot more sense than LDAP ever COULD. I'm sure people will disagree
> with me, but the idea of setting up OpenLDAP to accept queries looking like
> "dn=this,ou=that,ou=other" and having to keep track of this, that, and the
> other honestly just SCARES me. LDAP is for people who are absolutely expert
> and can understand it. I have a very hard time understanding it.
> I'll probably look at freeipa, just out of curiosity, but I don't foresee
> implementing that. Especially not on such a small project (six machines
> plus a server). That simplistic alternative is basically what I already do,
> although not quite that simply (I may have to go that route). As it stands
> now, I run a "newuser" script and it calls useradd on the NFS root, then
> executes a call to the server and a script on the server handles the tasks
> on the server (like calling useradd on the server and setting a quota on
> the nfs partition).
> Thanks for the tips.
> --- Dan
> On Mon, May 4, 2015 at 7:32 AM, Lonnie Olson <lists at kittypee.com> wrote:
> > On Mon, May 4, 2015 at 4:50 AM, Dan Egli <ddavidegli at gmail.com> wrote:
> > > I was thinking I might just go for NIS+ or something, but I have absolutely
> > > NO idea how to set anything like that up.
> > NIS+ has been deprecated for reasons of security. LDAP (and
> > optionally Kerberos) are the new standard.
> > There are a million ways to implement them, but the easiest and
> > feature complete I have found is using FreeIPA
> > (http://www.freeipa.org).
> > There is a more simplistic alternative. Automate a process to copy
> > files (passwd,shadow,hosts,etc) to all machines involved. This can be
> > done via basic scripting, or a config management tool (puppet, chef,
> > ansible, cfengine, etc).
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */