Difference between revisions of "Centralized Authentication Proposal"
(One intermediate revision by the same user not shown) | |||
Line 9: | Line 9: | ||
* More modern approach to user management | * More modern approach to user management | ||
* Less inconsistencies throughout builders | * Less inconsistencies throughout builders | ||
+ | * Ability to document centralized logon performance in ARM space | ||
+ | ** valuable research for enterprise hardware | ||
===Arguments Against=== | ===Arguments Against=== | ||
− | * Additonal services running on | + | * Additonal services running on Hongkong/Ireland |
* Increased network traffic | * Increased network traffic | ||
* additonal point of failure | * additonal point of failure | ||
+ | ** Can have backup/slave servers | ||
Line 23: | Line 26: | ||
** | ** | ||
* Cons | * Cons | ||
− | ** | + | ** Not the most scalable system |
+ | *** Mitigated by the fact that our farm is less than 100 machines | ||
====OpenLDAP/389 Directory==== | ====OpenLDAP/389 Directory==== | ||
− | + | * Pros | |
+ | ** LDAP is an industry standard | ||
+ | ** Extensible | ||
+ | ** Fine Grained | ||
+ | ** Lots of nice and easy to use management tools | ||
+ | * Cons | ||
+ | ** Perhaps too complex | ||
+ | ** | ||
====Kerberos/Heimdall==== | ====Kerberos/Heimdall==== | ||
====Other==== | ====Other==== |
Latest revision as of 11:19, 24 April 2012
While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task.
Contents
Arguments For
- More easily managed users
- consistent home directories over NFS
- SSH keys always there
- Test builds stored on network drive/doesn't take up space on builders
- More modern approach to user management
- Less inconsistencies throughout builders
- Ability to document centralized logon performance in ARM space
- valuable research for enterprise hardware
Arguments Against
- Additonal services running on Hongkong/Ireland
- Increased network traffic
- additonal point of failure
- Can have backup/slave servers
Means and methods
NIS/NIS+
- Pros
- Quick and easy
- Cons
- Not the most scalable system
- Mitigated by the fact that our farm is less than 100 machines
- Not the most scalable system
OpenLDAP/389 Directory
- Pros
- LDAP is an industry standard
- Extensible
- Fine Grained
- Lots of nice and easy to use management tools
- Cons
- Perhaps too complex