Centralized user/group/whatever management
vas at sibptus.ru
Sat Mar 14 05:35:08 UTC 2020
Daniel Feenberg wrote:
> > >
> > > Do you think there exists a modern solution for centralized user/group/...
> > > management compatible with FreeBSD and Linux?
> rsync and rdist are transparent and reliable. Over ssh they are secure.
As a mechanism of centralized user account management, security is
their only advantage. You are probably talking about pushing
master.passwd and other files from some "domain controller" over the
This approach has lots of drawbacks; I'll name a few showstoppers:
1. The pushing is not event driven. This means even if you run
rdist/rsync every 5 minutes from cron (which you won't), there will be a
lag between adding a user on a "domain controller" and the user being able
to log in to their workstation.
2. Moreover, the pushing is not parallel. This means the lag from Item 1
will be different for different workstations.
3. Deleting a user on the "domain controller" will not delete the user's
home (unless you write some scripts, and then some more scripts...)
The closest thing to your approach is Ansible's "user" and "group"
modules; I'll certainly consider them if I don't find a solution with a
truly centralized user database, like a modern incarnation of NIS.
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
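
Added example, not part of the original message: a sketch of the kind of reconciliation script item 3 refers to, which compares the master.passwd from before and after a push and reports home directories left behind by deleted users. It assumes the 10-field FreeBSD master.passwd(5) layout, a saved copy of the pre-push file, and a hypothetical UID cutoff of 1000 for regular accounts; all sample data is constructed.

```python
"""Report home directories orphaned by a pushed master.passwd (report only, no deletion)."""
import os
import tempfile

# FreeBSD master.passwd(5): name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELDS = 10

def parse_master_passwd(text):
    """Return {login: (uid, home_dir)}; skip comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != FIELDS or not parts[2].isdigit():
            continue
        users[parts[0]] = (int(parts[2]), parts[8])
    return users

def orphaned_homes(old_text, new_text, min_uid=1000, home_exists=os.path.isdir):
    """Users present before the push but absent after it, whose home still exists.

    min_uid is an assumed cutoff that keeps system accounts out of the report.
    """
    old, new = parse_master_passwd(old_text), parse_master_passwd(new_text)
    still_used = {home for _, home in new.values()}  # homes reassigned to a live user
    report = []
    for login in sorted(old.keys() - new.keys()):
        uid, home = old[login]
        if uid >= min_uid and home not in still_used and home_exists(home):
            report.append((login, uid, home))
    return report

def demo():
    """Constructed sample: carol is deleted upstream, her home stays on the workstation."""
    with tempfile.TemporaryDirectory() as root:
        homes = {u: os.path.join(root, u) for u in ("alice", "carol")}
        for h in homes.values():
            os.mkdir(h)
        row = "{0}:*:{1}:{1}::0:0:{0}:{2}:/bin/sh"
        old = "\n".join([
            "# constructed sample",
            "root:*:0:0::0:0:Charlie &:/root:/bin/csh",
            row.format("alice", 1001, homes["alice"]),
            row.format("carol", 1002, homes["carol"])])
        new = "\n".join(old.splitlines()[:3])  # the pushed file no longer lists carol
        return [(login, uid) for login, uid, _ in orphaned_homes(old, new)]

if __name__ == "__main__":
    print(demo())
```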