[Cialug] sharing user credentials

Josh More morej at alliancetechnologies.net
Wed Oct 10 16:18:00 CDT 2007

OpenLDAP will take care of most of what you need.  Set up the service on
each server, modify the shell auth to use LDAP, and make sure the two
services synchronize changes with one another.  Recreate each user and
set up the UIDs for each.

There is a way to automatically create a home directory on login, if it
does not already exist.

Use an automated cron-based rsync to keep the /home/ldap_users/* in
sync on both boxes.

Set up auth on the virtual hosts to use PHP's LDAP calls for auth.

I will say that you may have some security issues, but if you want to
do what you're doing, I'm guessing that there are good reasons.  To
properly address the security concerns, I'd need to visit in person and
get a solid handle on what you're trying to do and why.


 morej at alliancetechnologies.net 

>>> "Matthew Nuzum" <newz at bearfruit.org> 10/10/07 4:09 PM >>> 
Lets say you have 2 computers, each with a number of virtual hosts, say
regulars (total) and you occassionally bring up new hosts for
projects. You've got a couple users with sudo access and a couple

 * You want to be able to quickly add users to all virtual hosts and
likewise revoke the users in the same way.
 * NFS cannot be used, nor can Samba, nor can Gnome VFS
 * It should be easy to add an ssh key to all the hosts
 * It would be nice if the user's home directories were available on
hosts but not a necessity

How would you accomplish the above?

How about if you have a third computer on a distant network (behind
that also wants to benefit from the above shared authentication?

Matthew Nuzum
newz2000 on freenode

More information about the Cialug mailing list