2014-01-28 Mauricio Tavares <raubvogel at gmail.com>

> On Tue, Jan 28, 2014 at 9:47 AM, Darod Zyree <darodzyree at gmail.com> wrote:
>
> > 2014-01-28 Laurent Wandrebeck <l.wandrebeck at quelquesmots.fr>
> >
> >> Matt Garman <matthew.garman at gmail.com> wrote:
> >>
> >> > On Tue, Jan 28, 2014 at 3:02 AM, Sorin Srbu <Sorin.Srbu at orgfarm.uu.se> wrote:
> >> >> The only thing I'm trying to accomplish is a system which will allow me to
> >> >> keep user accounts and passwords in one place, with one place only to
> >> >> administrate. NIS seems to be able to do that.
> >> >>
> >> >> Comments and insights are much appreciated!
> >> >
> >> > A related question: is NIS or LDAP (or something else entirely) better
> >> > if the machines are not uniform in their login configuration?
> >> >
> >> > That is, we have an ever-growing list of special cases. UserA can
> >> > login to servers 1, 2 and 3. UserB can log in to servers 3, 4, and 5.
> >> > Nobody except UserC can login to server 6. UserD can login to
> >> > machines 2--6. And so on and so forth.
> >> >
> >> > I currently have a custom script with a substantial configuration file
> >> > for checking that the actual machines are configured as per our
> >> > intent. It would be nice if there was a single tool where the
> >> > configuration and management/auditing could be rolled into one.
> >> >
> >> > Thanks!
> >> > Matt
> >>
> >> You'd be fine with IPA which allows you to create such rules.
> >>
> >> HTH,
> >> Laurent.
> >
> > Indeed, and IPA does this quite well.
> >
> > We use IPA on all servers and workstations.
> >
> > - Sudo information comes from IPA
> > - Autofs information comes from IPA
> > - Host based access control comes from IPA
> > - Central user management/identity
>
> I read that IPA can do multimaster. How well does it do it
> compared to openldap?

I can't say how well it does compared to openldap but the replication is quick and reliable. For example, we test IPA masters by (re)applying settings in user accounts etc. while "crashing" them at random (removing power; they were virtual machines)