Robert J Lee
It's a challenging task, the way I like it.

I don't know of the existence of such software, none that fits your needs, so you'll have to make your own scripts, I think.
I suggest two sides: one (or more) scripts on your client machines, executed by cron or something, with exec properly set in the sudoers file (since it will need root privileges), and one to prepare things for your support team.
Let's see:
Quote:
There are quite a few users in the support team, and we would like to give each user their own login account. We also need a way to rotate passwords, preferably without having to log into each machine separately.
Ideally, a solution would allow us to rotate passwords as well, and keep UIDs the same across machines.
|
You have a lot of UID numbers which aren't used on the machines, some high ones like 1010, 1011, etc. This is a matter of creating such accounts on your client machines. Your script would take care of rotating passwords, since it's a matter of the /etc/passwd file. Just create a new password, encrypt it and change the file.
Here you have an example of a script to create a new user:
http://www.cyberciti.biz/tips/howto-...-add-user.html
And here is an example of changing it via the network:
http://www.unix.com/shell-programmin...html#post40791
Quote:
There are several other reasons for wanting to do this: to limit what each person can do (using sudo) as well as to log who performed what operations on the machine. This logging already exists but just says that the administrator user did something, making it hard to know who to talk to when things go wrong.
|
This is a matter of configuring /etc/sudoers to your needs, including the "mail_always" flag in the same file. It's off by default, but when changed to on, it will mail you which users perform sudo commands.
So, my suggestion is to put on a web server some kind of encrypted file with data for your client-side script. From time to time it checks the file on the web server and checks its version; a changed version updates the client machines with new passwords and whatever you need. The script for your support team will make this file and upload it to the server.
That's the whole idea, hope it helps.
cheers
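
The client-side check for the versioned file described in the post above, as an added example that is not part of the original post: before a root cron job applies anything pulled from a web server, it should authenticate the file, reject an old or replayed version, and validate every account entry. The JSON layout, field names, shared key, HMAC-SHA256 tag (used here for authenticity, which is separate from encrypting the file) and the UID floor are all assumptions for illustration.

```python
import hashlib
import hmac
import json
import re

# Everything named here is an assumption for illustration, not from the post.
SHARED_KEY = b"constructed-demo-key"          # provisioned out of band on each client
MIN_UID = 1010                                # the post's "high" UIDs: 1010, 1011, ...
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
HASH_RE = re.compile(r"\$6\$(rounds=\d+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}")

SAMPLE_HASH = "$6$constructedsalt$" + "A" * 86   # constructed, not a real password hash
SAMPLE_BODY = json.dumps({"version": 7, "accounts": [
    {"name": "alice", "uid": 1010, "hash": SAMPLE_HASH}]}).encode()


def sign(body: bytes, key: bytes = SHARED_KEY) -> str:
    """Support-team side: HMAC-SHA256 tag uploaded next to the manifest."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_manifest(body: bytes, tag: str, last_version: int, key: bytes = SHARED_KEY):
    """Client side: return validated accounts or raise ValueError; applies nothing."""
    if not hmac.compare_digest(sign(body, key).encode(), tag.encode()):
        raise ValueError("bad signature")
    try:
        manifest = json.loads(body)
        version, accounts = manifest["version"], manifest["accounts"]
        if version <= last_version:
            raise ValueError("stale or replayed version")
        uids = [a["uid"] for a in accounts]
        if min(uids) < MIN_UID or len(set(uids)) != len(uids):
            raise ValueError("uid below floor or duplicated")
        for a in accounts:
            if not NAME_RE.fullmatch(a["name"]) or not HASH_RE.fullmatch(a["hash"]):
                raise ValueError("bad username or hash format")
    except (KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed manifest") from exc
    return accounts


def chpasswd_input(accounts) -> str:
    """Text to feed `chpasswd -e` on stdin, keeping hashes out of argv."""
    return "".join(f"{a['name']}:{a['hash']}\n" for a in accounts)
```

The client stores the last applied version locally and passes it as `last_version`; only after `verify_manifest` returns does the root helper pipe `chpasswd_input(...)` into `chpasswd -e`.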