Re: authentication services

Selena Deckelmann wrote:
>
> On Oct 19, 2006, at 3:21 PM, Mark Wong wrote:
>
>> It sounded like a few people had authentication services experiences
>> so I wanted to ask for some advice. I have more than a half dozen
>> systems I use for testing and that I share with other users when they
>> want to get onto the systems. Does it make sense to use a service
>> like ldap to manage the system (linux) users as well as the database
>> users? Or am I asking for more work than it's worth?
>
> It definitely makes sense. Centralizing your authentication data makes
> it way easier to maintain (to remove a user, you delete/disable it in
> *one* place!), and makes the life of your users way nicer (fewer
> passwords to misplace, mistype, misremember). You'll still have to
> create new users on each of your database clusters, but it would be
> pretty easy to automate this from a central LDAP server.
>
> Would you have to maintain the LDAP server yourself, or could you use
> someone else's server? I'd recommend the latter if you can swing it.
> They'd set up a separate subtree for you, and hopefully they'd have
> their own user creation system you could use.

I'd have to do it myself. We had ndis at one point but I think it's
gone now without anything to replace it.

> If you're interested in maintaining your own LDAP server, you'll just
> need to spend a little time learning the tools and writing a few scripts
> to automate add/delete users and group memberships. Or maybe there are
> some good LDAP mgmt tools out there now:
> http://www.linuxtopia.org/HowToGuides/how_to_configure_LDAP/graphicaltools.html

I'm interested in not having to manage users. ;) I'll take a look, if
it's not much work I don't mind doing it.

Mark