Centralized Authentication Proposal
While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task.
Arguments For
- More easily managed users
- consistent home directories over NFS
- SSH keys always there
- Test builds stored on network drive/doesn't take up space on builders
- More modern approach to user management
- Less inconsistencies throughout builders
- Ability to document centralized logon performance in ARM space
- valuable research for enterprise hardware
Arguments Against
- Additonal services running on Hongkong/Ireland
- Increased network traffic
- additonal point of failure
- Can have backup/slave servers
Means and methods
NIS/NIS+
- Pros
- Quick and easy
- Cons
- Not the most scalable system
- Mitigated by the fact that our farm is less than 100 machines
- Not the most scalable system
OpenLDAP/389 Directory
- Pros
- LDAP is an industry standard
- Extensible
- Fine Grained
- Lots of nice and easy to use management tools
- Cons
- Perhaps too complex