account management across multiple subnets

Shane Hathaway shane at hathawaymix.org
Tue Oct 23 16:08:25 MDT 2007


Kyle Waters wrote:
> The problem is that on the remote box they only log in via samba+ldap.  
> Which I'm told doesn't trigger pam.  Plus I have to run smbpasswd 
> in order to configure the ldap account for the samba settings (I'm looking 
> into a better way of doing this).

Ok, how about this: have the remote servers run a fairly frequent cron
job that downloads the latest list of all user account names and acts
upon any additions or removals.  Download via authenticated HTTPS or ssh
(sftp) so that people can neither snoop nor alter the download (although
they might block it).

If you're feeling gutsy, you can make the servers download only a delta
rather than the complete list.  That would scale better if you have
thousands of users, but it's more likely to introduce error.

Shane
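The cron-driven pull that Shane sketches, written out as an added example (it is not code from this thread or from the PLUG list). It takes the conservative option from the second paragraph: every run downloads the complete list over authenticated HTTPS and computes the additions and removals locally with comm(1), rather than trusting a server-produced delta. Everything site-specific is an assumption: the list URL, the CA and client certificate paths, the state directory, and the add_user/remove_user actions, which only log here so the script can run anywhere. Two safety checks are built in: curl must verify the server against the private CA and fail on HTTP errors, and an empty downloaded list is refused, because a blocked or broken download must never look like "remove everyone".

```shell
#!/bin/sh
# Added example, not from the original thread. Reconcile local accounts with a
# username list published by the master server. Assumed (hypothetical) layout:
#   - $LIST_URL serves one username per line over HTTPS with client-cert auth
#   - $STATE_DIR/users holds the last list that was successfully applied
#   - add_user/remove_user are the site-specific actions (here: log only)
set -eu

LIST_URL="${LIST_URL:-https://accounts.example.internal/users.txt}"  # placeholder
STATE_DIR="${STATE_DIR:-/var/lib/account-sync}"                      # placeholder
CA_CERT="${CA_CERT:-/etc/account-sync/ca.pem}"                       # placeholder
CLIENT_CERT="${CLIENT_CERT:-/etc/account-sync/client.pem}"           # placeholder

# fetch_list DEST: download the list. -f makes curl fail on HTTP errors and
# --cacert pins verification to our own CA, so a blocked, redirected or
# tampered download fails loudly instead of yielding a bogus (e.g. empty) list.
fetch_list() {
    curl -fsS --cacert "$CA_CERT" --cert "$CLIENT_CERT" -o "$1" "$LIST_URL"
}

# normalize_list SRC DEST: keep only plausible usernames, sorted and unique,
# which comm(1) requires and which keeps a stray line out of useradd's argv.
normalize_list() {
    grep -E '^[a-z_][a-z0-9_-]{0,31}$' "$1" | sort -u > "$2"
}

# compute_changes OLD NEW: print "+name" for each addition and "-name" for
# each removal (both files must be sorted, as normalize_list guarantees).
compute_changes() {
    comm -13 "$1" "$2" | sed 's/^/+/'
    comm -23 "$1" "$2" | sed 's/^/-/'
}

# Site-specific actions. Replace with useradd/smbpasswd or userdel as needed.
add_user()    { echo "would add $1"; }
remove_user() { echo "would remove $1"; }

# apply_changes OLD NEW: refuse an empty new list (almost certainly a failed
# download), otherwise apply every change in order.
apply_changes() {
    if [ ! -s "$2" ]; then
        echo "refusing to apply an empty account list" >&2
        return 1
    fi
    compute_changes "$1" "$2" | while IFS= read -r change; do
        name=${change#?}
        case $change in
            +*) add_user "$name" ;;
            -*) remove_user "$name" ;;
        esac
    done
}

# sync_once: one cron run. The saved state is replaced only after the changes
# were applied, so a failed run is retried in full next time.
sync_once() {
    mkdir -p "$STATE_DIR"
    raw=$(mktemp); new=$(mktemp)
    fetch_list "$raw"
    normalize_list "$raw" "$new"
    [ -e "$STATE_DIR/users" ] || : > "$STATE_DIR/users"
    apply_changes "$STATE_DIR/users" "$new"
    mv "$new" "$STATE_DIR/users"
    rm -f "$raw"
}

if [ "${1:-}" = "run" ]; then
    sync_once
fi
```

Install it as, say, /usr/local/sbin/account-sync and schedule `*/10 * * * * /usr/local/sbin/account-sync run` from root's crontab; the first run treats every name as an addition because the saved state starts empty. The Samba side of the workflow (running smbpasswd) belongs in add_user.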

