Thread: Central user database

  1. #1

    Central user database

    How should I organize user logins and passwords within a 6 person firm? We have several desktops, portables, servers and virtual machines. Everyone should be able to log in on each PC. LDAP seems overkill. Would NIS be more suited?

    How can I integrate other passwords like samba, mysql, vpn, ... into this strategy?

    Tx for your reply.

  2. #2

    Re: Central user database

    For six people, what about LTSP? Portal:KIWI-LTSP - openSUSE

  3. #3

    Re: Central user database

    The employees have their own PCs (Mac) and want to have full ownership over their PCs. We are 3 employees and beginning of next year there will be 3 students joining us. I was considering LTSP for those students (because they won't have Mac). But I am not convinced that LTSP will be fast enough for their use (Eclipse Java development + Blender development). In addition, I am not convinced that thin clients are cheaper than full hardware.

    To hand over control for the developers to the different servers and virtual machines (so that they can stop and start tomcat, apache, mysql, ...) I would like that they can log in with their own user names and password. Although it is still doable for 6 persons, it seems a lot of work to keep usernames and passwords in sync over the different machines.

    Ivan

  4. #4

    Re: Central user database

    Apple OS/X has its own version of OpenLDAP and you can synchronise accounts with a single server. So that takes 2 machines out of the equation.

  5. #5

    Re: Central user database

    eulaersivan wrote:

    >
    > How should I organize user logins and passwords within a 6 person firm?
    > We have several desktops, portables, servers and virtual machines.
    > Everyone should be able to log in on each PC. LDAP seems overkill. Would
    > NIS be more suited?


    NIS is VERY simple. The downside is that it stores the password hashes so
    that they are available to everyone (if you make it portable). There are
    other ways that are slightly more secure.... but that's the normal downside
    to using NIS... it makes it possible to brute force all of the passwords. A
    sufficiently hard 8 character DES hashed password could take some time
    though (e.g. months to years). On a pure Linux network, the hashes could be
    md5 (so Red Hat is happy... will work with contemporary Solaris as well) or
    blowfish (arguably better than md5, but mostly SUSE variants).

    >
    > How can I integrate other passwords like samba, mysql, vpn, ... into
    > this strategy?


    Many services use PAM which means there are ways to use any source of auth
    that you want to use. Web is usually the "hardest", though not really hard,
    just questionable if you want to do it (for security reasons... even if
    intranet only).

    If the network HAS to have Windows on it.... then you can easily tie
    authentication to Windows AD. You can even use NIS for independent user id
    and still handle passwords via Windows AD.

    And, as you said, there is always LDAP... but if you already have a need for
    Windows, then I recommend having one AD server and doing your username ids
    and passwords through that. It's actually not hard to do... but maybe
    difficult for the novice (??). I do this kind of stuff for a living though.
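
Post #5 notes that a NIS passwd map makes the password hashes (DES, md5 or blowfish) available to every client. The following is an added example, not code from any poster in the thread: it classifies the crypt(3) scheme of each entry in passwd(5)-format lines so exposed weak hashes can be found. The sample map is constructed, and the `WEAK` set and function names are this example's own assumptions.

```python
import re

# Constructed passwd(5)-format lines, as a NIS passwd map exposes them to any
# client (e.g. the output of `ypcat passwd`). Users and hash bodies are made up.
SAMPLE_MAP = """\
ivan:abJnggxhB/yWI:1000:100:Ivan:/home/ivan:/bin/bash
anna:$1$constrct$0123456789abcdefghijkl:1001:100:Anna:/home/anna:/bin/bash
bert:$2a$10$constructedsaltandhashbodyconstructedsaltandhashbody0:1002:100:Bert:/home/bert:/bin/bash
carl:$6$constrct$constructedhashbody:1003:100:Carl:/home/carl:/bin/bash
dora::1004:100:Dora:/home/dora:/bin/bash
emma:x:1005:100:Emma:/home/emma:/bin/bash
+::::::
"""

DES_RE = re.compile(r"[./0-9A-Za-z]{13}")
PREFIXES = {"$1$": "md5-crypt", "$2a$": "blowfish-crypt", "$2b$": "blowfish-crypt",
            "$2y$": "blowfish-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
# Assumption of this example: results that need review when the map is readable.
WEAK = {"des-crypt", "md5-crypt", "empty", "unknown", "malformed"}


def classify(field):
    """Name the crypt(3) scheme of one passwd-map password field."""
    if field == "":
        return "empty"                      # login without any password
    if field == "x" or field[0] in "!*":
        return "not-exposed"                # shadowed or locked account
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if DES_RE.fullmatch(field):
        return "des-crypt"                  # traditional 13-character hash
    return "unknown"


def audit(map_text):
    """Return (user, scheme, needs_review) for every account line in the map."""
    findings = []
    for line in map(str.strip, map_text.splitlines()):
        if not line or line[0] in "#+-":    # comments and NIS compat entries
            continue
        fields = line.split(":")
        scheme = classify(fields[1]) if len(fields) >= 7 else "malformed"
        findings.append((fields[0], scheme, scheme in WEAK))
    return findings

if __name__ == "__main__":
    for user, scheme, weak in audit(SAMPLE_MAP):
        print(f"{user:8} {scheme:15} {'REVIEW' if weak else 'ok'}")
```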


