I'm administrating two ubuntu desktops and one debian server.
There are abount ~20 active users on the desktops. A few (5-10) user accounts are added each year and about the same amount become inactive.
I would like to share the user accounts and their respective homes between the two pcs. So far, my plan was to set up some kind of nfs + kerberos (+ldap/nis?), but I think kerberos is overly complicated for this simple purpose. In addition to that, the admin changes every ~2-3 years and I fear that complicated solutions will become unmaintainable for my successors (we are no professionals…).
Is there a way to split up /etc/passwd etc. in different files, so I could store these on the server and copy them to the desktops? Or is there some PAM-module that provides a similar type of "modular" authentication ? (well, except pam_krb5).
What would be the simplest way to achieve that?
Best Answer
You can use a configuration management system to do this. Personally, I use Puppet for this. I have a single
/etc/passwd
and/etc/shadow
file and I have Puppet sync it across all my systems. There is an interesting learning curve with them, but definitely tutorials for doing exactly what you want on their website.I would, however, definitely recommend using LDAP and Kerberos. I know the learning curve is steep, but the security is really good. I know kerbs can be a burden sometimes, but LDAP would probably be acceptable. I have been meaning to set one up.