I'm using FreeIPA here at home. As a product, it's really just a bunch of scripts and a web interface for LDAP + Kerberos + certificate management + Samba. It aims to be a complete identity management system, a product designed to compete with (or at the very least, perform an analogous set of tasks to) Active Directory. It is completely open source, developed by Red Hat for Fedora, and I use it on CentOS, but it is available for a number of other distros.
(Full disclosure: I do happen to use Active Directory to store my user accounts, and FreeIPA authenticates through an AD Interforest Trust, but that's far from a requirement, and it probably causes me more grief than many admins would tolerate.)

As for reading, I learned everything I know from their documentation: https://www.freeipa.org/page/Documentation

On Wed, May 2, 2018, 20:01 Thomas Groman <[email protected]> wrote:

> Do you have any book or other resource recommendations for setting these
> up? I already do sysadmin work, just never done centralized auth before.
>
> On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> > The easiest is to pick LDAP or NIS, both work very well on Linux. With or
> > without Kerberos for local small setup.
> >
> > NIS with NFS for file sharing would be probably the simplest setup, but you
> > will eventually wish you had LDAP for integration with various other
> > services.
> >
> > LDAP + Kerberos + NFS is probably the most common and extensible solution.
> > You will absolutely need local DNS and NTP to get it going, but it is a well
> > integrated, extensible solution.
> >
> > Another option would be to use Samba - it combines LDAP + Kerberos, so it
> > has fewer moving parts and can accept Windows hosts without much headache,
> > compared to LDAP and Kerberos.
> >
> > For both solutions, you might need some enterprise admin to help setting it
> > up. If well and simply set up, it is not difficult to maintain and manage.
> > IMHO
> >
> > Tomas
> >
> > On Wed, May 2, 2018, 5:36 PM Smith, Cathy <[email protected]> wrote:
> >
> >> There used to be dns, ldap, kerberos, nis. These are open source
> >> protocols and not restricted to Microsoft.
> >>
> >> --
> >> Cathy L. Smith
> >> IT Engineer
> >>
> >> Pacific Northwest National Laboratory
> >> Operated by Battelle for the
> >> U.S. Department of Energy
> >>
> >> Phone: 509.375.2687
> >> Fax: 509.375.4399
> >> Email: [email protected]
> >>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On
> >> Behalf Of Thomas Groman
> >> Sent: Wednesday, May 02, 2018 5:16 PM
> >> To: [email protected]
> >> Subject: [PLUG] Linux centralized authentication
> >>
> >> Has anyone ever made a 100% UNIX/BSD/Linux network with centralized
> >> authentication? Using native protocols, not some sort of strange Microsoft
> >> AD mesh thing.
> >> I wanted to build a hacker-space for a school and since it would be
> >> starting from scratch there's no reason to get locked in to a Microsoft
> >> product from the start. Also, Microsoft's protocols are not open source
> >> and hard to debug. They never really work well with UNIX-like operating
> >> systems, requiring id/group mapping and such.
> >> _______________________________________________
> >> PLUG mailing list
> >> [email protected]
> >> http://lists.pdxlinux.org/mailman/listinfo/plug
