+1 for FreeIPA. It is an extremely well integrated domain controller with functionality similar to Microsoft Active Directory.
I would highly recommend setting up an AWS Virtual Private Cloud or something similar and practicing deploying FreeIPA a few times with a few clients. It takes some understanding of the caveats and implementation before you will be able to deploy it successfully in a production environment.
Good Luck!
On 24 February 2015 at 01:40, Jitse Klomp jitseklomp@gmail.com wrote:
On 02/24/2015 01:15 AM, Gordon Messmer wrote:
On 02/23/2015 08:22 AM, Niki Kovacs wrote:
- Users should be manageable through a GUI, probably a web interface,
so the client can create, manage and delete them eventually.
FreeIPA is a good option, generally. As best I understand it, it's currently available in a Docker container for CentOS. http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos/
I haven't heard about more standard packaging, but that might come along later...
ipa-server is available from the base repos in both EL6 (v3.0) and EL7 (v3.3). RHEL7.1 beta ships with version 4.1. EL6 clients are fully compatible with EL7 servers and vice versa.
- Home directories should be created/deleted automagically under the
hood.
You can use pam_mkhomedir to create them, but archiving or deleting home directories would be a manual process.
You should use pam_oddjob_mkhomedir for that, it requires fewer privileges and integrates nicely with SELinux.
- Every user should be able to login on any machines and find his or
her files and preferences.
You can continue using NFS for that.
FreeIPA also supports automount/autofs.
You should check out the FreeIPA demo (v4.1): http://www.freeipa.org/page/Demo
- Jitse
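As an added example (not part of the original thread), the following shell check reports which home-directory creation module a PAM session stack uses, to verify the pam_oddjob_mkhomedir recommendation above on a client. The function name `mkhomedir_module` and the sample PAM lines are constructed for illustration; on a real host you would feed it the contents of the relevant file under /etc/pam.d.

```shell
#!/bin/sh
# Classify which home-directory creation module a PAM stack uses.
# Reads PAM config text on stdin and prints one of:
#   oddjob - pam_oddjob_mkhomedir.so only (creation delegated to the oddjobd helper)
#   direct - pam_mkhomedir.so only (creation runs inside the login process)
#   both   - both modules are active
#   none   - no home-directory creation module on any session line
mkhomedir_module() {
    awk '
        { sub(/#.*/, "") }          # drop comments, including commented-out modules
        NF < 3 { next }             # a rule needs: type control module
        {
            type = $1
            sub(/^-/, "", type)     # a leading "-" only silences missing-module logging
            if (type != "session") next
            # the control field may be bracketed and span fields, so scan from field 3
            for (i = 3; i <= NF; i++) {
                if ($i ~ /(^|\/)pam_oddjob_mkhomedir\.so$/) oddjob = 1
                if ($i ~ /(^|\/)pam_mkhomedir\.so$/)        direct = 1
            }
        }
        END {
            if (oddjob && direct) print "both"
            else if (oddjob)      print "oddjob"
            else if (direct)      print "direct"
            else                  print "none"
        }'
}

# Constructed sample: session stack using the oddjob helper.
SAMPLE_ODDJOB='session  optional  pam_keyinit.so revoke
session  required  pam_limits.so
session  optional  pam_oddjob_mkhomedir.so umask=0077
session  required  pam_unix.so'

# Constructed sample: oddjob line commented out, direct module active.
SAMPLE_DIRECT='session  required  pam_limits.so
#session optional  pam_oddjob_mkhomedir.so umask=0077
session  optional  pam_mkhomedir.so umask=0077
session  required  pam_unix.so'

printf '%s\n' "$SAMPLE_ODDJOB" | mkhomedir_module
printf '%s\n' "$SAMPLE_DIRECT" | mkhomedir_module
```

A result of `direct` or `both` means the login process itself still creates home directories, which is the setup the thread advises moving away from.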