Hi,

I have few ec2 servers, under different aws accounts, I want to setup a method to control user accounts from a single point. Can I use RADIUS for that? Or LDAP?
Please help.

I think LDAP is good to store users and there credentials at centralized location.

1 members found this post helpful.

Typically, LDAP (nee Microsoft OpenDirectory) is used for this purpose. Other technologies like Radius and Kerberos can be used, but LDAP is by far the most common. There are hundreds of thorough articles on the Internet that show you exactly how to do it.

Basically ... "in even a small office with Windows machines, say, or Macs, or machines of any type at all, you quickly discover the need to manage ... not only login-credentials, but arbitrary attributes of those users, from one central location." There's simply no other practical way to do it. LDAP has become the de facto standard for doing that, and Microsoft's management-console happens to be a very good tool. You simply arrange for the Linux boxes to conform to that, which they can very easily do.

Integration with LDAP usually happens in many other ways. Web-servers such as Apache or nginix can query to find out whether access should be granted to a particular user. A user can "log in" (using LDAP-validated credentials), and then find that this login is also seamlessly recognized by other intranet web-pages that he might visit. And, if those pages are driven by CGI-code of any sort, those CGI handlers can also seamlessly query those (trustworthy ...) credentials, thus creating a very smooth "single sign-on" user experience.

All of this stuff is "already invented," and is cross-platform between Windows, Linux, OS/X, and even mainframes. You might not have encountered it yet, if you haven't had five thousand computers and laptops to manage yet ... ... but you'll love it, when you do.

1 members found this post helpful.