Centralized Authentication Proposal

From CDOT Wiki
Revision as of 11:48, 24 April 2012 by Jacwang (talk | contribs) (OpenLDAP/389 Directory)

While implementing the BCFG2 configuration management system on the build farm, the prospect of having a passwd, shadow and group file controlled by the utility was brought up several times. While this is one method of managing a consistent set of users and groups across the build farm, I feel that there is other software available that would be better suited for this task.


Arguments For

  • More easily managed users
  • Consistent home directories over NFS
    • SSH keys always there
    • Test builds stored on a network drive, so they don't take up space on the builders
  • More modern approach to user management
  • Fewer inconsistencies across builders

Arguments Against

  • Additional services running on Honkgong
  • Increased network traffic
  • Additional point of failure


Means and methods

NIS/NIS+

  • Pros
    • Quick and easy
  • Cons

OpenLDAP/389 Directory

  • LDAP is an industry standard
  • Extensible
  • Fine-grained

Kerberos/Heimdal

Other