account management across multiple subnets

Jeff Anderson jefferya at programmerq.net
Tue Oct 23 16:22:08 MDT 2007


I agree. A cronjob would be the best way to do it.
Have the web frontend add the tasks to a list (could be a simple text
file, database, whatever) and securely push or pull the task list to the
server, and have the cronjob take care of business.
We currently have a setup like that at the BYU computer science
department, and it works well. Occasionally, there is an error, but it
is easy to add e-mail hooks for those.

Jeff Anderson

Shane Hathaway wrote:
> Kyle Waters wrote:
>   
>> The problem is that on the remote box they only log in via samba+ldap.
>> Which I'm told doesn't trigger pam.  Plus I have to run smbpasswd
>> in order to configure the ldap account for the samba settings (I'm looking
>> into a better way of doing this).
>>     
>
> Ok, how about this: have the remote servers run a fairly frequent cron
> job that downloads the latest list of all user account names and acts
> upon any additions or removals.  Download via authenticated HTTPS or ssh
> (sftp) so that people can neither snoop nor alter the download (although
> they might block it).
>
> If you're feeling gutsy, you can make the servers download only a delta
> rather than the complete list.  That would scale better if you have
> thousands of users, but it's more likely to introduce error.
>
> Shane
>   
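
The cron-side step discussed in this thread, as an added example that is not code from the thread or from the setup it mentions. It compares the fetched account list with the local one and prints the planned changes instead of running them. The function names, the account-name pattern and the `MAX_REMOVALS` limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): plan account changes from a fetched list.
# The fetch itself (sftp or authenticated HTTPS) runs before this and is not shown.
LC_ALL=C; export LC_ALL
MAX_REMOVALS=${MAX_REMOVALS:-5}   # assumed limit: refuse mass deletions in one run

# valid_names FILE: succeed only if every line is a conservative account name,
# because these names end up as arguments to privileged commands.
valid_names() {
    ! grep -Evq '^[a-z_][a-z0-9_-]{0,31}$' "$1"
}

# plan_changes CURRENT DESIRED: print "add NAME" / "del NAME" lines.
# Returns 2 for an empty or missing list, 3 for a bad name, 4 for too many removals.
plan_changes() {
    [ -s "$2" ] || { echo "desired list empty or missing" >&2; return 2; }
    valid_names "$2" || { echo "invalid account name in list" >&2; return 3; }
    tmp=$(mktemp -d) || return 1
    sort -u "$1" > "$tmp/cur"
    sort -u "$2" > "$tmp/new"
    comm -13 "$tmp/cur" "$tmp/new" | sed 's/^/add /' > "$tmp/plan"
    comm -23 "$tmp/cur" "$tmp/new" | sed 's/^/del /' >> "$tmp/plan"
    removals=$(grep -c '^del ' "$tmp/plan" || true)
    if [ "$removals" -gt "$MAX_REMOVALS" ]; then
        echo "refusing $removals removals (limit $MAX_REMOVALS)" >&2
        rm -rf "$tmp"; return 4
    fi
    cat "$tmp/plan"
    rm -rf "$tmp"
}

# Constructed sample data: alice stays, bob was removed upstream, carol is new.
demo() {
    d=$(mktemp -d) || return 1
    printf 'alice\nbob\n' > "$d/current"
    printf 'alice\ncarol\n' > "$d/desired"
    plan_changes "$d/current" "$d/desired"
    rm -rf "$d"
}
demo
```

A blocked or truncated download yields an empty or much shorter list, which the guards turn into a non-zero exit and a message on stderr rather than a round of deletions. Cron mails any output a job produces, so those messages arrive as e-mail without extra hooks.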



