[vox-tech] Easiest way to integrate the login of large numbers
of servers...
Charles McLaughlin
vox-tech@lists.lugod.org
Wed, 28 Apr 2004 16:34:48 -0700
This is more of a question than an answer... but wouldn't NIS work?
From what I've read, it seems much easier than LDAP.
> Message: 8
> From: "Jonathan" <j@firebright.com>
> To: <vox-tech@lists.lugod.org>
> Date: Wed, 28 Apr 2004 14:16:54 -0700
> Subject: [vox-tech] Easiest way to integrate the login of large numbers of servers...
> Reply-To: vox-tech@lists.lugod.org
>
> Hey All!
>
> A debate has broken out here at my company between several of the engineers,
> and I'm writing to see what you guys think.
>
> Let me outline the problem... Our operation runs accross 11 redhat 9 servers
> right now, and 3 more are coming. We're in 4 datacenters (though we only
> have one server for 2 of them for DNS and monitoring, the others are Mae
> West in SF and SureWest for our DRP), and we're starting to hit the limit on
> the number of passwords that we can remember.
>
> So, one school here says set up a secure Open LDAP directory of some sort,
> and use that as a replacement for /etc/password. Shockingly, the guy who is
> espousing this position is from Netscape originally. Hehe.
>
> The other approach (which I am completely unfamiliar with I must admit) is
> kerberos. I'm not sure I *want* a three headed dog in the company. :)
>
> So, what's the easiest, most secure way to tie in a login server to our
> systems in the eyes of some of the more experienced sysadmins out there?
> I've read up on both of these approaches, and they both seem to have their
> advantages and disadvantages. There's nothing in my O'Reilly bookshelf
> outlining much about comparing this stuff. Any advice?
>
> Thanks in advance,
>
> Jonathan
>