On Wednesday, July 16, 2014 9:24:35 AM UTC-5, Betsy Schwartz wrote:
>
> Thank you! pam access may well be the right direction to go for us.
>
>
> I'm still sort of boggled that nobody seems to be using puppet for
> /etc/passwd. That always seemed to us to be the *first* thing we'd want to
> ge
> On Wed, Jul 16, 2014 at 10:24:26AM -0400, Betsy Schwartz wrote:
>>I'm still sort of boggled that nobody seems to be using puppet for
>>/etc/passwd. That always seemed to us to be the *first* thing we'd want to
>>get under centralized control.
We use nsswitch.
% man nsswitch.conf
%
Um, why? There are more regularized methods of RBAC than touching /etc/passwd.
For my part I'd rather keep hosts as similar as possible and have
authentication controlled elsewhere. That way I have complex manifests about
user authentication on a subset of hosts, and simplified auth client manif
Thank you! pam access may well be the right direction to go for us.
I'm still sort of boggled that nobody seems to be using puppet for
/etc/passwd. That always seemed to us to be the *first* thing we'd want to
get under centralized control.
I understand that centralized control reduces the need
On Sun, 2014-07-13 at 16:01 -0400, Betsy Schwartz wrote:
> We're running primarily RHEL6, and Puppet Enterprise 3.2
>
> In our non-puppetized world, we make heavy use of netgroups (stored in
> ldap, entered in /etc/passwd) to control access to servers.
Would pam_access work for your use case?
Inst
Hi Matt,
I've heard of FreeIPA, but that feels like a longer project (and would
probably get tied into AD integration and another project we have going to
combine multiple business units)
For Phase One we're hoping to centralize and automate something close to
what we have now.
Thanks Betsy
On Sun, Jul 13, 2014 at 3:01 PM, Betsy Schwartz wrote:
> Is this, indeed, a Solved Problem? What is everyone else doing?
> thanks Betsy
Disclaimer:
I am not doing this. Yet.
Have you looked at FreeIPA?
-mz
We're running primarily RHEL6, and Puppet Enterprise 3.2
In our non-puppetized world, we make heavy use of netgroups (stored in
ldap, entered in /etc/passwd) to control access to servers.
There's been much discussion and some confusion about the best way to
control user access going forwards. The