[Cialug] sharing user credentials

Josh More morej at alliancetechnologies.net
Wed Oct 10 16:18:00 CDT 2007


OpenLDAP will take care of most of what you need.  Set up the service on
each server, modify the shell auth to use LDAP, and make sure the two
services synchronize changes with one another.  Recreate each user and
set up the UIDs for each.

There is a way to automatically create a home directory on login, if it
does not already exist.

Use an automated cron-based rsync to keep the /home/ldap_users/* in
sync on both boxes.

Set up auth on the virtual hosts to use PHP's LDAP calls for auth.

I will say that you may have some security issues, but if you want to
do what you're doing, I'm guessing that there are good reasons.  To
properly address the security concerns, I'd need to visit in person and
get a solid handle on what you're trying to do and why.


 

-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701



>>> "Matthew Nuzum" <newz at bearfruit.org> 10/10/07 4:09 PM >>> 
Let's say you have 2 computers, each with a number of virtual hosts, say 5
regulars (total) and you occasionally bring up new hosts for short-term
projects. You've got a couple users with sudo access and a couple users
without.

 * You want to be able to quickly add users to all virtual hosts and
   likewise revoke the users in the same way.
 * NFS cannot be used, nor can Samba, nor can Gnome VFS
 * It should be easy to add an ssh key to all the hosts
 * It would be nice if the users' home directories were available on all
   hosts but not a necessity

How would you accomplish the above?

How about if you have a third computer on a distant network (behind NAT)
that also wants to benefit from the above shared authentication?

-- 
Matthew Nuzum
newz2000 on freenode
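
An added example, not part of the original thread: the reply says to recreate each user with set UIDs and to rsync /home/ldap_users/* between the boxes, so this check compares `getent passwd` output from both hosts and flags accounts whose IDs disagree, since files copied or restored by numeric ID would then belong to the wrong account. The function names and the sample passwd lines are constructed for illustration.

```python
"""Compare passwd-format dumps from two hosts before syncing home directories."""

HOST_A = """\
root:x:0:0:root:/root:/bin/bash
alice:x:10001:10001:Alice:/home/ldap_users/alice:/bin/bash
bob:x:10002:10002:Bob:/home/ldap_users/bob:/bin/bash
carol:x:10003:10003:Carol:/home/ldap_users/carol:/bin/bash
"""  # constructed sample, as `getent passwd` would print on the first box
HOST_B = """\
root:x:0:0:root:/root:/bin/bash
alice:x:10001:10001:Alice:/home/ldap_users/alice:/bin/bash
bob:x:10003:10003:Bob:/home/ldap_users/bob:/bin/bash
dave:x:10004:10004:Dave:/home/ldap_users/dave:/bin/bash
"""  # constructed sample for the second box

def parse_passwd(text):
    """Return {username: (uid, gid, home)} from passwd-format lines."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.strip().split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = (int(fields[2]), int(fields[3]), fields[5])
    return users

def compare_hosts(a, b, home_prefix="/home/ldap_users/"):
    """Return (kind, user, detail) tuples for accounts under home_prefix."""
    a = {n: v for n, v in a.items() if v[2].startswith(home_prefix)}
    b = {n: v for n, v in b.items() if v[2].startswith(home_prefix)}
    problems = []
    for name in sorted(a.keys() | b.keys()):
        if name not in a or name not in b:
            problems.append(("missing", name, "host A" if name not in a else "host B"))
        elif a[name][:2] != b[name][:2]:
            problems.append(("id-mismatch", name, f"{a[name][:2]} vs {b[name][:2]}"))
    # The same UID bound to a different name: numeric ownership changes hands.
    uid_to_name_b = {v[0]: n for n, v in b.items()}
    for name, (uid, _gid, _home) in sorted(a.items()):
        other = uid_to_name_b.get(uid)
        if other is not None and other != name:
            problems.append(("uid-collision", name, f"uid {uid} is {other!r} on host B"))
    return problems

if __name__ == "__main__":
    for kind, user, detail in compare_hosts(parse_passwd(HOST_A), parse_passwd(HOST_B)):
        print(f"{kind:14} {user:8} {detail}")
```
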


