Date: Sat, 14 Mar 2020 12:35:05 +0700
From: Victor Sudakov <vas@sibptus.ru>
To: freebsd-questions@freebsd.org
Subject: Re: Centralized user/group/whatever management
Message-ID: <20200314053505.GE27346@admin.sibptus.ru>
In-Reply-To: <alpine.BSF.2.21.9999.2003131316400.21693@mail2.nber.org>
References: <20200313091923.GA98495@admin.sibptus.ru> <20200313125230.GB2004@x1> <alpine.BSF.2.21.9999.2003131316400.21693@mail2.nber.org>

Daniel Feenberg wrote:
> > >
> > > Do you think there exists a modern solution for centralized user/group/...
> > > management compatible with FreeBSD and Linux?
> >
>
> rsync and rdist are transparent and reliable. Over ssh they are secure.

As a mechanism of centralized user account management, security is their
only advantage.

You are probably talking about pushing master.passwd and other files
from some "domain controller" over the network, right? This approach has
lots of drawbacks, I'll name a few showstoppers:

1. The pushing is not event driven. This means even if you run
rdist/rsync every 5 minutes from cron (which you won't), there will be a
lag between adding a user on a "domain controller" and user being able
to login into their workstation.

2. Moreover, the pushing is not parallel. This means the lag from Item 1
will be different for different workstations.

3. Deleting a user on the "domain controller" will not delete the user's
home (unless you write some scripts, and then some more scripts...)

The closest thing to your approach is ansible's "user" and "group"
modules, I'll certainly consider them if I don't find a solution with a
truly centralized user database, like a modern incarnation of NIS.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/