[vox] Stuff you really need to run a GNU/Linux network

Don Werve don.werve at gmail.com
Mon Sep 13 11:08:23 PDT 2010


I'll put in my two cents.  Michael is spot-on -- no backup and restore strategy, one that gets tested on a regular basis, is the sign of an amateur shop.

Kerberos isn't really necessary, and it breaks if NTP stops working for whatever reason (clock drift), so I tend to avoid it.  Salted-and-hashed passwords in LDAP combined with authenticating against binding, rather than local comparison, work just as well.

Something else essential is some form of centralized automation, for handling everything from software deployment to config changes, and said automation needs to be linked in to some form of SCM (Git, Subversion, etc.)

Without that, you're left to manually perform updates, which is error-prone and also doesn't generate any sort of audit trail.  You also don't get to keep copies of your config files over time, making it a lot harder to 'roll back', say, a change that broke Postfix across ten mail servers.

And no, 'cssh' is not a replacement for this.

