2014-01-28 Mauricio Tavares raubvogel@gmail.com
On Tue, Jan 28, 2014 at 9:47 AM, Darod Zyree darodzyree@gmail.com wrote:
2014-01-28 Laurent Wandrebeck l.wandrebeck@quelquesmots.fr
Matt Garman matthew.garman@gmail.com wrote:
On Tue, Jan 28, 2014 at 3:02 AM, Sorin Srbu <Sorin.Srbu@orgfarm.uu.se> wrote:
The only thing I'm trying to accomplish is a system which will allow me to keep user accounts and passwords in one place, with one place only to administrate. NIS seems to be able to do that.
Comments and insights are much appreciated!
A related question: is NIS or LDAP (or something else entirely) better if the machines are not uniform in their login configuration?
That is, we have an ever-growing list of special cases. UserA can log in to servers 1, 2 and 3. UserB can log in to servers 3, 4, and 5. Nobody except UserC can log in to server 6. UserD can log in to machines 2--6. And so on and so forth.
I currently have a custom script with a substantial configuration file for checking that the actual machines are configured as per our intent. It would be nice if there was a single tool where the configuration and management/auditing could be rolled into one.
Thanks! Matt
You'd be fine with IPA which allows you to create such rules.
HTH, Laurent.
Indeed, and IPA does this quite well.
We use IPA on all servers and workstations.
Sudo information comes from IPA
Autofs information comes from IPA
Host based access control comes from IPA
Central user management/identity
I read that IPA can do multimaster. How well does it do it compared to openldap?
I can't say how well it does compared to openldap, but the replication is quick and reliable.
For example, we test IPA masters by (re)applying settings in user accounts etc. while "crashing" them at random (removing power; they were virtual machines).