Difference between revisions of "Centralized Authentication Proposal"
(→OpenLDAP/389 Directory) |
|||
| Line 9: | Line 9: | ||
* More modern approach to user management | * More modern approach to user management | ||
* Less inconsistencies throughout builders | * Less inconsistencies throughout builders | ||
| + | * Ability to document centralized logon performance in ARM space | ||
| + | ** valuable research for enterprise hardware | ||
===Arguments Against=== | ===Arguments Against=== | ||
| − | * Additonal services running on | + | * Additonal services running on Hongkong/Ireland |
* Increased network traffic | * Increased network traffic | ||
* additonal point of failure | * additonal point of failure | ||
| + | ** Can have backup/slave servers | ||
| Line 23: | Line 26: | ||
** | ** | ||
* Cons | * Cons | ||
| − | ** | + | ** Not the most scalable system |
| + | *** Mitigated by the fact that our farm is less than 100 machines | ||
====OpenLDAP/389 Directory==== | ====OpenLDAP/389 Directory==== | ||
| − | * LDAP is an industry standard | + | * Pros |
| − | * Extensible | + | ** LDAP is an industry standard |
| − | * Fine Grained | + | ** Extensible |
| + | ** Fine Grained | ||
| + | ** Lots of nice and easy to use management tools | ||
| + | * Cons | ||
| + | ** Perhaps too complex | ||
| + | ** | ||
====Kerberos/Heimdall==== | ====Kerberos/Heimdall==== | ||
====Other==== | ====Other==== | ||
Latest revision as of 11:19, 24 April 2012
While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task.
Contents
Arguments For
- More easily managed users
- consistent home directories over NFS
- SSH keys always there
- Test builds stored on network drive/doesn't take up space on builders
- More modern approach to user management
- Less inconsistencies throughout builders
- Ability to document centralized logon performance in ARM space
- valuable research for enterprise hardware
Arguments Against
- Additonal services running on Hongkong/Ireland
- Increased network traffic
- additonal point of failure
- Can have backup/slave servers
Means and methods
NIS/NIS+
- Pros
- Quick and easy
- Cons
- Not the most scalable system
- Mitigated by the fact that our farm is less than 100 machines
- Not the most scalable system
OpenLDAP/389 Directory
- Pros
- LDAP is an industry standard
- Extensible
- Fine Grained
- Lots of nice and easy to use management tools
- Cons
- Perhaps too complex
