[CentOS] User Management

Mon Jul 6 22:42:38 UTC 2009
Ross Walker <rswwalker at gmail.com>

On Jul 6, 2009, at 12:15 PM, "Justin Lim" <jlim at sullung.com> wrote:

> I am just wondering how other people are doing their user management
> for multiple servers that are not in any type of directory.
>
> Does anyone use any application that queries each server for users or
> keeps a database of users that's on each server?
>
> I would like to get feedback on what others use...

I use Active Directory since I am platform agnostic.

If you want a directory service quick 'n dirty, go with NIS+Kerberos,
then you can look at LDAP as an addition or replacement for NIS later
after things are working.

NIS will allow anyone on the network to query it, so don't put
passwords in it, just usernames, full name, uid/gid, home, shell.
Create Kerberos principals for each user and for each computer and
each computer/service (that supports Kerberos SSO, that is). Then use
pam_krb5 for authentication while adding NIS support in nsswitch.

You can migrate the users to LDAP later if need be.

-Ross
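
A check for the "don't put passwords in it" advice above, as an added example that is not part of the original message: it reads passwd(5)-format lines, such as the output of `ypcat passwd`, and reports any account whose password field holds something other than a placeholder. The function names `audit_nis_passwd` and `sample_map` are hypothetical, and the sample map entries are constructed.

```shell
#!/bin/sh
# Added example: audit a NIS passwd map for password material.
# Assumed usage on a NIS client:  ypcat passwd | audit_nis_passwd

# Reads passwd(5)-format lines on stdin. Prints one finding per account whose
# second field is not a placeholder, and returns 1 if anything was found.
audit_nis_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF < 7 { printf "MALFORMED line %d\n", NR; bad = 1; next }
        {
            pw = $2
            # Placeholders that carry no hash: x, *, !, !!, *LK*, *NP*
            if (pw == "x" || pw ~ /^[*!]+$/ || pw == "*LK*" || pw == "*NP*")
                next
            # An empty field means the account needs no password at all.
            if (pw == "") { printf "EMPTY %s\n", $1; bad = 1; next }
            # Anything else is treated as a hash; name the likely scheme.
            if (pw ~ /^[$][0-9a-z]+[$]/)   kind = "crypt-modular"
            else if (length(pw) == 13)     kind = "des-crypt"
            else                           kind = "unknown"
            printf "HASH %s %s\n", $1, kind
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample map: two clean entries, one hash, one empty password.
sample_map() {
    cat <<'EOF'
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:$6$constructedsalt$constructedhashvalue:1002:1002:Bob Example:/home/bob:/bin/bash
carol:*:1003:1003:Carol Example:/home/carol:/bin/bash
dave::1004:1004:Dave Example:/home/dave:/bin/bash
EOF
}

# Demonstration on the constructed sample.
sample_map | audit_nis_passwd || echo "password material found in map" >&2
```
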