Date:      Sat, 14 Mar 2020 12:35:05 +0700
From:      Victor Sudakov <vas@sibptus.ru>
To:        freebsd-questions@freebsd.org
Subject:   Re: Centralized user/group/whatever management
Message-ID:  <20200314053505.GE27346@admin.sibptus.ru>
In-Reply-To: <alpine.BSF.2.21.9999.2003131316400.21693@mail2.nber.org>
References:  <20200313091923.GA98495@admin.sibptus.ru> <20200313125230.GB2004@x1> <alpine.BSF.2.21.9999.2003131316400.21693@mail2.nber.org>

Daniel Feenberg wrote:
> > >
> > > Do you think there exists a modern solution for centralized user/group/...
> > > management compatible with FreeBSD and Linux?
> >
>
> rsync and rdist are transparent and reliable. Over ssh they are secure.

As a mechanism of centralized user account management, security is
their only advantage. You are probably talking about pushing
master.passwd and other files from some "domain controller" over the
network, right?

This approach has lots of drawbacks; I'll name a few showstoppers:

1. The pushing is not event driven. This means even if you run
rdist/rsync every 5 minutes from cron (which you won't), there will be a
lag between adding a user on a "domain controller" and the user being able
to log in to their workstation.

2. Moreover, the pushing is not parallel. This means the lag from Item 1
will be different for different workstations.

3. Deleting a user on the "domain controller" will not delete the user's
home (unless you write some scripts, and then some more scripts...)

The closest thing to your approach is ansible's "user" and "group"
modules. I'll certainly consider them if I don't find a solution with a
truly centralized user database, like a modern incarnation of NIS.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
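
Added example, not part of the original message: a sketch of the extra scripting that drawback 3 implies, comparing the master.passwd a host had before a push with the one it received and reporting accounts whose home directories are now left behind. The sample file contents, function names and report fields are constructed for illustration; the check for a removed account's UID being reassigned goes one step beyond the message, since files in a stale home then belong to the new account.

```python
# Constructed sample data in FreeBSD master.passwd(5) format, 10 fields:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
OLD_MASTER = """\
root:*:0:0::0:0:Charlie &:/root:/bin/sh
alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002::0:0:Bob:/home/bob:/bin/sh
"""
NEW_MASTER = """\
root:*:0:0::0:0:Charlie &:/root:/bin/sh
alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
carol:*:1002:1002::0:0:Carol:/home/carol:/bin/sh
"""


def parse_master_passwd(text):
    """Return {name: (uid, home)}; skip comments, blank and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10 or not fields[2].isdigit():
            continue
        accounts[fields[0]] = (int(fields[2]), fields[8])
    return accounts


def removed_accounts(old_text, new_text):
    """Report accounts present before the push and absent after it."""
    old = parse_master_passwd(old_text)
    new = parse_master_passwd(new_text)
    # Map each UID in the pushed file to its owner to spot UID reuse.
    uid_owner = {uid: name for name, (uid, _home) in new.items()}
    report = []
    for name in sorted(old.keys() - new.keys()):
        uid, home = old[name]
        report.append({
            "user": name,
            "uid": uid,
            "stale_home": home,                   # still on disk after the push
            "uid_reused_by": uid_owner.get(uid),  # None if the UID is now unused
        })
    return report


if __name__ == "__main__":
    for entry in removed_accounts(OLD_MASTER, NEW_MASTER):
        print(entry)
```
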
