Re: Looking for a centralized password setup for UNIX and Linux



On Jun 20, 2:33 pm, derekbarr...@xxxxxxxxx wrote:
Hi everybody,

I wanted to get everybody's feedback regarding centralized password
management. Our environment has grown from a few admins to many. We
have gone from a Solaris shop to one that includes lots of Solaris and
Linux. We were using manual password changes per box, then moved to
shell scripting. However we have outgrown this as our passwords are
now often out of sync, as different admins are changing passwords at
different times, and new servers are being added frequently, and are
in different stages of development, etc. On top of this is meeting
Sarbanes-Oxley rules.

We are looking at a centralized tool that is straightforward to
update, that can push out passwords across all the environments.

Some suggestions so far have been: LDAP, NIS, Kerberos, and Active
Directory plugins (not really liking the AD suggestion)

Concerns:

1) We don't want to get in a situation where if the password
management server has become unavailable, users are not able to login.

2) We want something that's straightforward to update and isn't
married to one particular admin's knowledge of language (like Perl,
etc).

Thanks for anybody's feedback

I personally like the LDAP solution. You can run the Sun LDAP server
(actually bundled with Solaris 10) in a multi-master configuration (up
to 4 nodes, I think) to address your availability concerns. Linux also
supports LDAP authentication and integrates nicely with the Solaris
config. Sun has some decent blueprint articles on their website
covering how to set up LDAP naming services.
