Managing access to multiple Linux systems

Posted by Swartz on Server Fault
Published on 2013-06-12T00:37:48Z Indexed on 2013/06/25 4:23 UTC

I searched for answers but have found nothing on here...

Long story short: a non-profit organization is in dire need of modernizing its infrastructure. The first thing is to find an alternative to managing user accounts on a number of Linux hosts.

We have 12 servers (both physical and virtual) and about 50 workstations. We have 500 potential users for these systems. The individual who built and maintained the systems over the years has retired. He wrote his own scripts to manage it all. It still works. No complaints there. However, a lot of the stuff is very manual and error-prone. The code is messy and often needs to be tweaked after updates. Worst part is there is little to no documentation written. There are just a few READMEs and random notes which may or may not be relevant anymore. So maintenance has become a difficult task.

Currently accounts are managed via /etc/passwd on each system. Updates are distributed via cron scripts to the correct systems as accounts are added on the "main" server. Some users have to have access to all systems (like a sysadmin account), others need access to shared servers, while others may need access to workstations or only a subset of those.

Is there a tool that can help us manage accounts that meets the following requirements?

  • Preferably open source (i.e. free, as budget is VERY limited)
  • Mainstream (i.e. maintained)
  • Preferably has LDAP integration or could be made to interface with an LDAP or AD service for user authentication (will be needed in the near future to integrate accounts with other offices)
  • User management (adding, expiring, removing, lockout, etc.)
  • Allows us to manage what systems (or groups of systems) each user has access to - not all users are allowed on all systems
  • Support for user accounts that could have different homedirs and mounts available depending on what system they are logged into. For example:
    • sysadmin logged into the "main" server has main://home/sysadmin/ as homedir and has all shared mounts
    • sysadmin logged into staff workstations would have nas://user/s/sysadmin as homedir (different from above) and potentially a limited set of mounts
    • a logged-in client would have his/her homedir at a different location and no shared mounts
  • If there is an easy management interface, that would be awesome.
  • And if this tool is cross-platform (Linux / MacOS / *nix), that will be a miracle!

I have searched the web and so far have found nothing suitable. We are open to any suggestions. Thank you.

EDIT: This question has been incorrectly marked as a duplicate. The linked-to answer only talks about having the same homedirs on all systems, whereas we need to have different homedirs based on what system the user is currently logged into (MULTIPLE homedirs). Also, access needs to be granted only to some machines, not the whole lot. Mods, please understand the full extent of the problem instead of merely marking it as a duplicate for points...
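The two requirements the asker singles out (per-host access control and a home directory that differs by host) can both be expressed with a plain LDAP directory plus SSSD on each host, without a custom script. The block below is an added example written for this page; it is not from the original post or from any particular product's documentation. The user entries carry the RFC 2307 `host` attribute (from the `account` object class), which SSSD enforces with `access_provider = ldap` and `ldap_access_order = host`; each host class then supplies its own `override_homedir`, so the same `sysadmin` entry lands in `/home/sysadmin` on the main server and under a NAS path on workstations. The base DN, hostnames, LDAP URI, NAS mount path and the two LDIF entries are assumptions made up for the example; `host_allowed` is a dry-run check that mirrors SSSD's host rule, not SSSD itself.

```shell
#!/bin/sh
# Added example (not from the original post): per-host access and per-host
# home directories using LDAP `host` attributes + SSSD overrides.
# Everything below (DN, hostnames, paths, users) is assumed for illustration.

# Constructed LDIF: an admin allowed on every host ("host: *") and a client
# limited to two workstations. objectClass "account" carries the host attribute.
SAMPLE_LDIF='dn: uid=sysadmin,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: account
uid: sysadmin
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/sysadmin
host: *

dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: account
uid: jdoe
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/jdoe
host: ws01.example.org
host: ws02.example.org
'

# host_allowed USER FQDN -> prints "allow" or "deny".
# Mirrors SSSD's ldap_access_order=host decision: a "host: *" value or an
# exact match on the machine's fully qualified hostname grants access,
# anything else denies. Useful as a dry run before rolling out a config
# change; the real enforcement is done by SSSD on each host.
host_allowed() {
    printf '%s\n' "$SAMPLE_LDIF" | awk -v user="$1" -v fqdn="$2" '
        /^uid: /  { in_user = ($2 == user) }
        /^host: / && in_user && ($2 == "*" || $2 == fqdn) { found = 1 }
        END { print (found ? "allow" : "deny") }'
}

# sssd_conf HOST_CLASS -> prints the sssd.conf for that class of machine.
# Only override_homedir differs between classes: the directory stores one
# homeDirectory, each host class rewrites it to its own layout.
#   %u = login name, %l = first letter of the login name (SSSD substitutions)
sssd_conf() {
    case "$1" in
        server)      homedir='/home/%u' ;;          # main server: local home
        workstation) homedir='/nas/user/%l/%u' ;;   # NAS home, e.g. /nas/user/s/sysadmin
        *) echo "unknown host class: $1" >&2; return 1 ;;
    esac
    cat <<EOF
[sssd]
domains = example
services = nss, pam

[domain/example]
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_uri = ldaps://ldap.example.org
ldap_search_base = dc=example,dc=org
# Allow login only if the user's "host" attribute lists this machine (or "*").
ldap_access_order = host
ldap_user_authorized_host = host
# Replace the directory's homeDirectory with this host class's layout.
override_homedir = $homedir
EOF
}

# Dry-run examples:
host_allowed sysadmin main.example.org   # allow
host_allowed jdoe     main.example.org   # deny
```

The host rule compares the attribute against the name SSSD resolves for the local machine, so every host needs a stable fully qualified hostname; a workstation reporting `ws01` instead of `ws01.example.org` would be denied. Mount visibility (the "limited set of mounts" requirement) is not handled by SSSD and belongs in each host class's automounter or fstab.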

© Server Fault or respective owner
