LinuxQuestions.org
Old 02-20-2009, 02:16 PM   #1
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 67
Maintaining user accounts across several machines (not LAN/WAN)


Hi there.

This is a "which software should I use" question.

My company has a set-up where we buy machines, install Red Hat Enterprise and our software, and ship the machines out to clients' sites. The machines run our software and currently have one login account that allows us to log in and maintain the machine.

There are quite a few users in the support team, and we would like to give each user their own login account. We also need a way to rotate passwords, preferably without having to log into each machine separately.

Ideally, a solution would allow us to rotate passwords as well, and keep UIDs the same across machines.

There are several other reasons for wanting to do this: to limit what each person can do (using sudo) as well as to log who performed what operations on the machine. This logging already exists but just says that the administrator user did something, making it hard to know who to talk to when things go wrong.

Another complication is that each one of these machines is on a different network, with a different ISP offering a different quality of service, so we can't guarantee 100% uptime (currently we use modems as a last resort when trying to log in, but I'm told it's quite rare that we need to do that).

Can anyone offer any advice or suggestions on a good solution for this?

Many thanks in advance,

—Robert J Lee
 
Old 02-20-2009, 03:46 PM   #2
armandrix
Member
 
Registered: Nov 2005
Location: Brazil
Distribution: slackware64 -current
Posts: 46

Rep: Reputation: 18
Robert J Lee

It's a challenging task, the way I like it. I don't know of the existence of such software, none that fits your needs, so you'll have to make your own scripts, I think.

I suggest two sides: one (or more) script on your clients' machines, executed by cron or something, with exec properly set in the sudoers file (since it will need root privileges), and one to prepare things for your support team.

Let's see:
Quote:
There are quite a few users in the support team, and we would like to give each user their own login account. We also need a way to rotate passwords, preferably without having to log into each machine separately.

Ideally, a solution would allow us to rotate passwords as well, and keep UIDs the same across machines.
You have a lot of UID numbers which aren't used on the machines, some high ones like 1010, 1011, etc. This is a matter of creating such accounts on your client machines. Your script would take care of rotating passwords, since it's a matter of the /etc/passwd file. Just create a new password, encrypt it and change the file.
Here you have an example of a script to create a new user: http://www.cyberciti.biz/tips/howto-...-add-user.html
and here an example of changing it via the network: http://www.unix.com/shell-programmin...html#post40791
Quote:
There are several other reasons for wanting to do this: to limit what each person can do (using sudo) as well as to log who performed what operations on the machine. This logging already exists but just says that the administrator user did something, making it hard to know who to talk to when things go wrong.
This is a matter of configuring /etc/sudoers to your needs, including the "mail_always" flag in the same file. It's turned off by default, but when changed to on, it will mail you which users perform sudo commands.


So, my suggestion is to put on a web server some kind of encrypted file with data for your client-side script. From time to time it checks the file on the web server and checks its version; a changed version updates the client's machine with new passwords and whatever you need. The script for your support team will make this file and upload it to the server.

That's the whole idea, hope it helps.


cheers
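
The versioned update file described in post #2, sketched as an added example (not code from either poster): the client refuses a file that fails authentication or is not newer than the installed version, and only emits `name:hash` lines suitable for `chpasswd -e`. It swaps in an HMAC tag where the post says "encrypted", and the key, UID range, and field names are assumptions.

```python
import hashlib
import hmac
import json

# Assumptions for this sketch: a per-deployment shared key, and a UID range
# reserved for support accounts (the post suggests high UIDs such as 1010, 1011).
SHARED_KEY = b"constructed-demo-key"
UID_MIN, UID_MAX = 1010, 1099


def _tag(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def sign_manifest(manifest: dict, key: bytes) -> dict:
    """Support-team side: serialize the manifest and attach an HMAC-SHA256 tag."""
    body = json.dumps(manifest, sort_keys=True)
    return {"body": body, "tag": _tag(body, key)}


def verify_and_plan(envelope: dict, key: bytes, installed_version: int):
    """Client side: return (version, lines for `chpasswd -e`) or raise ValueError."""
    if not hmac.compare_digest(_tag(envelope["body"], key), envelope["tag"]):
        raise ValueError("bad tag: file was altered or signed with another key")
    manifest = json.loads(envelope["body"])
    if manifest["version"] <= installed_version:
        raise ValueError("stale version: refusing replay or rollback")
    lines = []
    for user in manifest["users"]:
        name, uid, pw_hash = user["name"], user["uid"], user["hash"]
        if not UID_MIN <= uid <= UID_MAX:
            raise ValueError(f"uid {uid} is outside the support range")
        if not name.isalnum() or ":" in pw_hash or "\n" in pw_hash:
            raise ValueError("malformed account entry")
        lines.append(f"{name}:{pw_hash}")  # pre-hashed, never plaintext
    return manifest["version"], lines


if __name__ == "__main__":
    # Constructed sample manifest; the hash is a placeholder, not a real crypt string.
    sample = {"version": 2, "users": [
        {"name": "alice", "uid": 1010, "hash": "$6$CONSTRUCTED$placeholder"}]}
    envelope = sign_manifest(sample, SHARED_KEY)
    print(verify_and_plan(envelope, SHARED_KEY, installed_version=1))
```

The client would persist the returned version only after the account changes succeed, so an interrupted run is retried on the next cron pass.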
 
  



Tags
ldap, login, pam

