PAM adduser?
I am trying to implement a centralized user system where all the users and passwords are stored on a centralized system. My first instinct was to use RADIUS, since we already have that going for a number of different services. However, after reading up on pam_radius, it appears that you must first create the user locally on each system, and all pam_radius does is act as a central password repository.
Is this true, and if so, is there any system out there that does not require you to create the user locally first? Thanks!
PAM is a localhost kind of ballgame. People seem to like and use LDAP authentication well enough these days. It depends largely on the deployment and interface of the "centralized user system" you're designing. Heck, some people like to stuff user auth data in a MySQL database and auth it with a PHP form.
Quote:
This will get you started, but there's lots more reading to do: http://ldots.org/ldap
I've just ordered a book that looks good... you might want to check it out too.
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers: A comprehensive and practical guide to PAM for Linux: how modules work and how to implement them https://www.amazon.com/gp/product/19...ss_T15_product
And, of course: LDAP System Administration http://www.amazon.com/LDAP-System-Ad...ref=pd_sim_b_2
Quote:
1) Response times will be high.
2) In case centralized LDAP fails, you're in for trouble.
I would recommend that you use centralized LDAP for user management and then have this LDAP data replicated across all the other servers. OpenLDAP does support master/slave modes. The same can be accomplished using MySQL master-slave mode.
So by using LDAP, the local users are dynamically added and deleted as the user logs into and logs out of the server?
Is it possible to do this with pam_radius?
Quote:
OP, LDAP is the way you want to go. pam_radius can work with LDAP, but there is an LDAP module for PAM and you should use that. If you have a large environment, look into LDAP multi-master and just set up 2-3 LDAP servers.
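For reference, here is an added example of the classic PAM-plus-NSS LDAP setup the replies above point at; it is not from this thread or any of the posters. The part pam_radius cannot give you is identity: RADIUS only verifies a password, so the account must already exist in /etc/passwd. With nss_ldap (PADL's module, or its successor nss-pam-ldapd) answering passwd/group/shadow lookups, the account is resolved from the directory at lookup time and nothing has to be created locally. The hostnames, base DN, certificate path and user name below are placeholders.

```conf
# --- /etc/nsswitch.conf ---
# "files" first keeps root and local service accounts usable when the
# directory is unreachable; "ldap" supplies everyone else.
passwd:     files ldap
group:      files ldap
shadow:     files ldap

# --- /etc/ldap.conf (PADL pam_ldap / nss_ldap) ---
# Two replicas (placeholder hosts); the client fails over when the first
# is down, which addresses the "centralized LDAP fails" objection above.
uri ldaps://ldap1.example.com ldaps://ldap2.example.com
base dc=example,dc=com
# Verify the server certificate; passwords travel over this connection.
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca.pem
# Don't hang every lookup while retrying a dead server.
bind_policy soft
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group  ou=Group,dc=example,dc=com?one
# Never look root's groups up in the directory.
nss_initgroups_ignoreusers root

# --- /etc/pam.d/system-auth (or common-* on Debian), relevant lines ---
# Local accounts authenticate via pam_unix; anyone else via pam_ldap with
# the password already collected; pam_deny closes the stack.
auth     sufficient    pam_unix.so
auth     sufficient    pam_ldap.so use_first_pass
auth     required      pam_deny.so

account  required      pam_unix.so broken_shadow
account  sufficient    pam_localuser.so
account  [default=bad success=ok user_unknown=ignore] pam_ldap.so
account  required      pam_permit.so

password sufficient    pam_unix.so sha512 shadow use_authtok
password sufficient    pam_ldap.so use_authtok
password required      pam_deny.so

# Create the home directory on first login, since adduser never ran.
session  required      pam_mkhomedir.so skel=/etc/skel umask=0077
session  required      pam_unix.so
session  optional      pam_ldap.so
```

The check that answers the original question is `getent passwd jdoe` for a user who has no line in /etc/passwd: if it prints an entry, NSS is resolving the account from the directory and no local creation step is needed; if it prints nothing, PAM will never even get to the password, whatever module is in the auth stack. Nothing here adds or removes local users as people log in and out; the account simply lives in LDAP and is looked up on each access.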