+1 for freeipa. It is an extremely well integrated domain controller with functionality similar to Microsoft Active Directory. I would highly recommend setting up an AWS Virtual Private Cloud or something similar and practicing deploying freeipa a few times with a few clients. It takes some understanding of the caveats and implementation before you will be able to deploy it successfully in a production environment. Good Luck!

On 24 February 2015 at 01:40, Jitse Klomp <jitseklomp at gmail.com> wrote:

> On 02/24/2015 01:15 AM, Gordon Messmer wrote:
>
>> On 02/23/2015 08:22 AM, Niki Kovacs wrote:
>>
>>> 1. Users should be manageable through a GUI, probably a web interface,
>>> so the client can create, manage and delete them eventually.
>>
>> FreeIPA is a good option, generally. As best I understand it, it's
>> currently available in a Docker container for CentOS.
>> http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos/
>>
>> I haven't heard about more standard packaging, but that might come along
>> later...
>
> ipa-server is available from the base repos in both EL6 (v3.0) and EL7
> (v3.3). RHEL7.1 beta ships with version 4.1. EL6 clients are fully
> compatible with EL7 servers and vice versa.
>
>>> 2. Home directories should be created/deleted automagically under the
>>> hood.
>>
>> You can use pam_mkhomedir to create them, but archiving or deleting home
>> directories would be a manual process.
>
> You should use pam_oddjob_mkhomedir for that, it requires fewer privileges
> and integrates nicely with SELinux.
>
>>> 3. Every user should be able to login on any machines and find his or
>>> her files and preferences.
>>
>> You can continue using NFS for that.
>
> FreeIPA also supports automount/autofs.
>
> You should check out the FreeIPA demo (v4.1):
> http://www.freeipa.org/page/Demo
>
> - Jitse