Changes

Jump to: navigation, search

Centralized Authentication Proposal

910 bytes added, 12:19, 24 April 2012
no edit summary
While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and groups group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task.
===Arguments For===
* More easily managed users
* consistent home directories over NFS
** SSH keys always there
** Test builds stored on network drive/doesn't take up space on builders
* More modern approach to user management
* Less inconsistencies throughout builders
* Ability to document centralized logon performance in ARM space
** valuable research for enterprise hardware
===Arguments Against===
* Additonal services running on Hongkong/Ireland
* Increased network traffic
* additonal point of failure
** Can have backup/slave servers
NIS+===Means and methods===
OpenLDAP====NIS/NIS+====* Pros** Quick and easy*** Cons** Not the most scalable system*** Mitigated by the fact that our farm is less than 100 machines
Kerberos====OpenLDAP/389 Directory====* Pros** LDAP is an industry standard** Extensible** Fine Grained** Lots of nice and easy to use management tools* Cons** Perhaps too complex**
====Kerberos/Heimdall==== ====Other====
Jacwang
1
edit
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/wiki/Special:MobileDiff/84714...84728"

Navigation menu