Central user database

How should I organize user logins and passwords within a 6 person firm? We have several desktops, portables, servers and virtual machines. Everyone should be able to log in on each PC. LDAP seems overkill. Would NIS be more suited?

How can I integrate other passwords like samba, mysql, vpn, … into this strategy?

Tx for your reply.

For six people, what about LTSP? Portal:KIWI-LTSP - openSUSE

The employees have their own PCs (Mac) and want to have full ownership over their PCs. We are 3 employees and at the beginning of next year there will be 3 students joining us. I was considering LTSP for those students (because they won’t have Macs). But I am not convinced that LTSP will be fast enough for their use (Eclipse Java development + Blender development). In addition, I am not convinced that thin clients are cheaper than full hardware.

To hand over control of the different servers and virtual machines to the developers (so that they can stop and start tomcat, apache, mysql, …) I would like them to be able to log in with their own user names and passwords. Although it is still doable for 6 persons, it seems a lot of work to keep usernames and passwords in sync over the different machines.

Ivan

Apple OS/X has its own version of OpenLDAP and you can synchronise accounts with a single server. So that takes 2 machines out of the equation.

eulaersivan wrote:

>
> How should I organize user logins and passwords within a 6 person firm?
> We have several desktops, portables, servers and virtual machines.
> Everyone should be able to log in on each PC. LDAP seems overkill. Would
> NIS be more suited?

NIS is VERY simple. The downside is that it stores the password hashes so
that they are available to everyone (if you make it portable). There are
other ways that are slightly more secure… but that’s the normal downside
to using NIS… it makes it possible to brute force all of the passwords. A
sufficiently hard 8 character DES hashed password could take some time
though (e.g. months to years). On a pure Linux network, the hashes could be
md5 (so Red Hat is happy… will work with contemporary Solaris as well) or
blowfish (arguably better than md5, but mostly SUSE variants).

>
> How can I integrate other passwords like samba, mysql, vpn, … into
> this strategy?

Many services use PAM which means there are ways to use any source of auth
that you want to use. Web is usually the “hardest”, though not really hard,
just questionable if you want to do it (for security reasons… even if
intranet only).

If the network HAS to have Windows on it… then you can easily tie
authentication to Windows AD. You can even use NIS for independent user id
and still handle passwords via Windows AD.

And, as you said, there is always LDAP… but if you already have a need for
Windows, then I recommend having one AD server and doing your username ids
and passwords through that. It’s actually not hard to do… but maybe
difficult for the novice (??). I do this kind of stuff for a living though.
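
An added example, not part of the thread: a small audit that classifies the password-hash scheme of each entry in a passwd-format NIS map (the layout `ypcat passwd` prints) and lists the accounts whose hash is readable from the map itself. The sample map and its hash fields are constructed placeholders, and the `$5$`/`$6$` prefixes go beyond the three schemes named in the reply.

```python
import re
from collections import Counter

# Constructed sample in passwd(5) format, the layout `ypcat passwd` prints.
# The hash fields are made-up placeholders, not real password hashes.
SAMPLE_MAP = """\
alice:abJnggxhB/yWI:1001:100:Alice:/home/alice:/bin/bash
bob:$1$saltsalt$Xq0pZ1m3n4o5p6q7r8s9t.:1002:100:Bob:/home/bob:/bin/bash
carol:$2a$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234:1003:100:Carol:/home/carol:/bin/bash
dave:x:1004:100:Dave:/home/dave:/bin/bash
erin:*:1005:100:Erin:/home/erin:/bin/false
frank::1006:100:Frank:/home/frank:/bin/bash
not-a-passwd-line
"""

PREFIXES = [("$1$", "md5"), ("$2", "blowfish"), ("$5$", "sha256"), ("$6$", "sha512")]
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")  # traditional crypt(3): 2 salt + 11 hash chars

def classify(field):
    """Name the scheme of one passwd-map password field."""
    if field == "":
        return "empty"        # account with no password at all
    if field == "x":
        return "shadowed"     # hash is kept out of this map
    if field[0] in "*!":
        return "locked"
    for prefix, name in PREFIXES:
        if field.startswith(prefix):
            return name
    return "des" if DES_RE.fullmatch(field) else "unknown"

def audit(map_text):
    """Return [(user, scheme)] for every non-blank line of a passwd-format map."""
    results = []
    for line in map_text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7:   # passwd(5) entries have exactly seven fields
            results.append((parts[0], "malformed"))
            continue
        results.append((parts[0], classify(parts[1])))
    return results

def readable_hashes(results):
    """Users whose hash sits in the map itself, readable by any NIS client."""
    in_map = {"des", "md5", "blowfish", "sha256", "sha512", "unknown"}
    return [user for user, scheme in results if scheme in in_map]

if __name__ == "__main__":
    found = audit(SAMPLE_MAP)
    print(Counter(scheme for _, scheme in found))
    print("hashes readable from the map:", readable_hashes(found))
```

On a real NIS client the input would be the saved output of `ypcat passwd` in place of `SAMPLE_MAP`.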