Syncing user accounts across multiple servers
I have been wondering if there is a better way to manage user accounts across multiple servers.
At the moment, I have a main user account (e.g. 'user') on my home/dev machine, and for each server I manually create that same 'user' account. Then I use rsync to copy my .ssh directory and any other directories I want to each new server.
While this seems OK for managing the 2 servers I currently manage, I cannot imagine doing the same thing for 10+ servers, and was wondering what the best way to go about this was.
Thanks!
Solution 1:
There are two popular approaches:
- You either set up central authentication (LDAP, NIS).
- You set up a configuration management system (Puppet, Chef, CFEngine, shell script) to automatically create accounts and configure the environment on all your managed systems.
Central authentication systems are good when all the systems are under the control of the same organization. It tends to be necessary when you have lots of users, and when you will need to use the authentication for many things beyond just logging in.
The configuration management way is good if you generally just need to set up a small number of remote admin accounts and service accounts.
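The shell-script variant of the configuration management approach, as an added example that is not part of the original answer: an idempotent script that creates the account if it is missing and installs only the SSH public key, so the private key never leaves the dev machine. The function names, the `--apply` flag and the `provision.sh` file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: idempotent account + SSH public key provisioning.
# Function names and the --apply flag are assumptions, not from any tool.

# Create the account only if it does not exist yet (needs root).
ensure_user() {
    id -u "$1" >/dev/null 2>&1 || useradd --create-home --shell /bin/sh "$1"
}

# Return 0 only for a single-line OpenSSH *public* key.
# Private key files are multi-line and do not start with a key type.
is_public_key() {
    nl='
'
    case $1 in
        *"$nl"*) return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Add the key to <home>/.ssh/authorized_keys exactly once, with the
# restrictive modes sshd expects (700 on .ssh, 600 on the file).
ensure_authorized_key() {
    home=$1
    key=$2
    is_public_key "$key" || { echo "refusing: not a public key" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys" || return 1
    chmod 600 "$home/.ssh/authorized_keys" || return 1
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# On each server, as root:
#   sh provision.sh --apply user "ssh-ed25519 AAAA... user@dev"
if [ "${1:-}" = "--apply" ]; then
    ensure_user "$2" || exit 1
    home_dir=$(getent passwd "$2" | cut -d: -f6)
    ensure_authorized_key "$home_dir" "$3" && chown -R "$2" "$home_dir/.ssh"
fi
```

Because every step checks the current state first, the script can be re-run on all servers whenever a key or account is added without duplicating entries.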
Solution 2:
For smaller/simpler deployments, a project called Internet Account Replication (IAR) could help. It has a simple server-client architecture and synchronises the credentials using SSH.