What are my options for centralizing Unix user management

unix user-management ldap

There's several options, but it largely depends on your goals. LDAP is a lot more "light-weight" than you think. It's name is "Lightweight Directory Access Protocol" after all. A lot of it's "bulk" comes in when you add extra stuff to it. Of course, you can use almost anything to centralize authentication when it comes to *nix flavored OSes with PAM. Even a flat-text file if you so choose. Kerberos is another option... Radius... Samba/Active Directory... the list goes on. The biggest question is... how much do you want it to do... and what do you want from it?


Take a look at PAM-MySQL or libnss-mysql. If you feel like being forgiving to LDAP, give nss_ldap a look over.


What's a simple, lightweight method for centralizing user management?

One light-weight method is to simply provision accounts with your configuration management system. For example Puppet is pretty easy to work with, and you can easily use it to create accounts. This probably wouldn't work well if you have a large number of non-technical users.

Right now, I only have 4 accounts I need to get setup on ~50 servers, setting up ldap/nis would be a big pain, particularly since some of the systems are located at remote customer locations.

Since your number of servers is growing, you should almost certainly be seriously looking at a configuration management system if you don't have one already.

Related

Renting a IPv4 address block [closed]
Manually transfer MySQL databases
EC2 FileZilla login OK but no write or delete access
Subnet Masking in IPv6
How to find out what command was done with my FTP log?
NTFS Permissions Auditing with PowerShell
Proftpd CentOS user can only login with a /bin/bash shell
mysqldump stored procedures without locking tables
ntpd running as non-root, but outgoing packets match as uid 0
Postfix sasl auth only for fallback_relay
What causes duplicate ICMP ECHO responses?
How to return 403 instead 500 response code after auth_request fails