help-cfengine@cfengine.org
[Top] [All Lists]
<prev [Date] next>
<prev [Thread] next>

Re: help with cfengine for account management in very large environments

from [David Dorgan]
Subject: Re: help with cfengine for account management in very large environments
From: "David Dorgan"
Date: Tue, 6 Jun 2006 23:56:24 +0200 
On 6/6/06, Igor Sutton <igor.sutton@xxxxxxxxx> wrote:
> You can write a PAM module that does these kind of authorization, by
> grouping your servers e.g. serverA, serverB and serverC only allows users
> having memberOf oracleDBA. It works here in the company I work for, and can
> suit yours too. I think this approach is nice because you can centralize all
> administration to one write server, and then replicate to your slave
> servers.
>
> Just one more idea :)

True! But not to beat a dead horse,  you can also use netgroups in
ldap with pam_access to do this, no coding needed!

David
_______________________________________________
Help-cfengine mailing list
Help-cfengine@xxxxxxxxxxxx
http://cfengine.org/mailman/listinfo/help-cfengine
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: help with cfengine for account management in very large environments, Steve Wray
Next by Date:  Re: help with cfengine for account management in very large environments, David Dorgan
Previous by Thread:  Re: help with cfengine for account management in very large environments, Igor Sutton
Next by Thread:  Re: help with cfengine for account management in very large environments, Berthold Cogel
Indexes:  [Date] [Thread] [Top] [All Lists]