account management across multiple subnets
jefferya at programmerq.net
Tue Oct 23 16:22:08 MDT 2007
I agree. A cronjob would be the best way to do it.
Have the web frontend add the tasks to a list (could be a simple text
file, database, whatever) and securely push or pull the task list to the
server, and have the cronjob take care of business.
We currently have a setup like that at the byu computer science
department, and it works well. Occasionally, there is an error, but it
is easy to add e-mail hooks for those.
Shane Hathaway wrote:
> Kyle Waters wrote:
>> The problem is that on the remote box they only log in via samba+ldap.
>> Which I'm told doesn't trigger pam. Plus I have to run smbpasswd
>> inorder to configure the ldap account for the samba settings(I'm looking
>> into a better way of doing this).
> Ok, how about this: have the remote servers run a fairly frequent cron
> job that downloads the latest list of all user account names and acts
> upon any additions or removals. Download via authenticated HTTPS or ssh
> (sftp) so that people can neither snoop nor alter the download (although
> they might block it).
> If you're feeling gutsy, you can make the servers download only a delta
> rather than the complete list. That would scale better if you have
> thousands of users, but it's more likely to introduce error.
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
More information about the PLUG