[vox-tech] Easiest way to integrate the login of large numbers of servers...

Jonathan vox-tech@lists.lugod.org
Wed, 28 Apr 2004 14:16:54 -0700


Hey All!

A debate has broken out here at my company between several of the engineers,
and I'm writing to see what you guys think.

Let me outline the problem... Our operation runs accross 11 redhat 9 servers
right now, and 3 more are coming.  We're in 4 datacenters (though we only
have one server for 2 of them for DNS and monitoring, the others are Mae
West in SF and SureWest for our DRP), and we're starting to hit the limit on
the number of passwords that we can remember.

So, one school here says set up a secure Open LDAP directory of some sort,
and use that as a replacement for /etc/password.  Shockingly, the guy who is
espousing this position is from Netscape originally. Hehe.

The other approach (which I am completely unfamiliar with I must admit) is
kerberos.  I'm not sure I *want* a three headed dog in the company. :)

So, what's the easiest, most secure way to tie in a login server to our
systems in the eyes of some of the more experienced sysadmins out there?
I've read up on both of these approaches, and they both seem to have their
advantages and disadvantages.  There's nothing in my O'Reilly bookshelf
outlining much about comparing this stuff.  Any advice?

Thanks in advance,

Jonathan