Difference between revisions of "Centralized Authentication Proposal"
(Created page with 'While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and groups file controlled by the utility was brought up s…') |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and | + | While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task. |
| + | ===Arguments For=== | ||
| + | * More easily managed users | ||
| + | * consistent home directories over NFS | ||
| + | ** SSH keys always there | ||
| + | ** Test builds stored on network drive/doesn't take up space on builders | ||
| + | * More modern approach to user management | ||
| + | * Less inconsistencies throughout builders | ||
| + | * Ability to document centralized logon performance in ARM space | ||
| + | ** valuable research for enterprise hardware | ||
| + | ===Arguments Against=== | ||
| + | * Additonal services running on Hongkong/Ireland | ||
| + | * Increased network traffic | ||
| + | * additonal point of failure | ||
| + | ** Can have backup/slave servers | ||
| − | + | ===Means and methods=== | |
| − | + | ====NIS/NIS+==== | |
| + | * Pros | ||
| + | ** Quick and easy | ||
| + | ** | ||
| + | * Cons | ||
| + | ** Not the most scalable system | ||
| + | *** Mitigated by the fact that our farm is less than 100 machines | ||
| − | + | ====OpenLDAP/389 Directory==== | |
| + | * Pros | ||
| + | ** LDAP is an industry standard | ||
| + | ** Extensible | ||
| + | ** Fine Grained | ||
| + | ** Lots of nice and easy to use management tools | ||
| + | * Cons | ||
| + | ** Perhaps too complex | ||
| + | ** | ||
| − | Other | + | ====Kerberos/Heimdall==== |
| + | |||
| + | ====Other==== | ||
Latest revision as of 12:19, 24 April 2012
While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task.
Contents
Arguments For
- More easily managed users
- consistent home directories over NFS
- SSH keys always there
- Test builds stored on network drive/doesn't take up space on builders
- More modern approach to user management
- Less inconsistencies throughout builders
- Ability to document centralized logon performance in ARM space
- valuable research for enterprise hardware
Arguments Against
- Additonal services running on Hongkong/Ireland
- Increased network traffic
- additonal point of failure
- Can have backup/slave servers
Means and methods
NIS/NIS+
- Pros
- Quick and easy
- Cons
- Not the most scalable system
- Mitigated by the fact that our farm is less than 100 machines
- Not the most scalable system
OpenLDAP/389 Directory
- Pros
- LDAP is an industry standard
- Extensible
- Fine Grained
- Lots of nice and easy to use management tools
- Cons
- Perhaps too complex
