Centralized Account Management, how do you do yours?

  • humbletech99
  • Proficient
  • Proficient
  • User avatar
  • Posts: 300

Post 3+ Months Ago

I have a need to centralize my Linux server account management.

I have authenticated to windows domains before but now I come back to thinking about rolling this out across all my servers I find myself questioning if authenticating to Active Directory is really the right thing to do for all my systems.

If I have web/mail/dns/database etc servers sitting in a DMZ, then either I have to allow access inwards towards a Domain Controller, or put a Domain Controller in the DMZ and put it at risk, as well as allowing a possible compromise of the entire organization's user account base, this just doesn't seem sensible from the point of view of security, for which we take quite seriously here at work.

So should I maintain a separate centralized authentication system just for these Linux servers in the DMZ?

What do you use for centralized Linux account management? And what do you do about your DMZ systems?
  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1258
  • Loc: ./

Post 3+ Months Ago

This looks relevant: http://www.aerospacesoftware.com/samba- ... -howto.htm

If you're just talking Linux systems, you'd be better off using NIS/NFS (also tunneled) because it's far more efficient than AD.

Post Information

  • Total Posts in this topic: 2 posts
  • Users browsing this forum: No registered users and 13 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum

© 1998-2017. Ozzu® is a registered trademark of Unmelted, LLC.