I’ve recently switched to JumpCloud.com for centralized authentication/authorization/intrusion detection/patch monitoring. I’m impressed thus far. They’re a startup that's making good decisions and listening to their user base.
-- cjs

From: Smith, David Smith, David
Reply: Smith, David desm...@wustl.edu
Date: February 7, 2014 at 9:28:30 AM
To: Graham Dunn g...@kurai.org, LOPSA Technical Discussions t...@lopsa.org
Subject: Re: [lopsa-tech] Managing centralized userids on machines that are not "local"

I’d suggest starting with trying to create a permanent tunnel (VPN or similar) back to your own network. That way, you continue to enjoy the benefits of centralized credential management.

That said, I’m presently toying with a similar problem for spinning up servers in Amazon’s cloud, and not sure if the network people will let me set up a permanent tunnel, so I’m interested in seeing alternatives. I’m actually considering treating it as its own domain, complete with its own AD/LDAP environment that isn’t connected to our main one. True, it’s one additional place to manage passwords, but it’s one place for all the servers there, instead of on a per-server basis.

David Smith

From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Graham Dunn
Sent: Friday, February 07, 2014 9:05 AM
To: LOPSA Technical Discussions
Subject: [lopsa-tech] Managing centralized userids on machines that are not "local"

Hi,

So we're using LDAP/AD pam modules to provide user logins on our Linux boxen that are inside our network, but what are people doing for "remote" (i.e. colo, DMZ, etc.) servers?

Generating /etc/passwd locally, then shipping it across via scp or somesuch, or setting up a tunnel back into the local network were two things I thought about. Are there other approaches?

Thanks,
Graham

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/