> I would like to have user passwords the same on all boxes, and to
> control who can access which boxes and who can gain root.
> All centrally managed.
>
> a) User passwords
> -> ldap
> b) control who can access which boxes
> -> ldap group
> c) control who can gain root system wide
> -> no idea?
> d) control who can gain root on a certain box only
> -> no idea?
>
> Can anyone help?

a+b are currently implemented in the following project, while c-d are
planned for v2

free: http://freeipa.org
supported: http://www.redhat.com/enterprise_ipa/

> Once that is solved, I'd like some way of managing ssh public keys.
> The LPK patch to openssh looks promising, where ldap keys are looked
> up in ldap, but this is not in RHEL.
> What do other people use for this?

i've always managed keys manually, and i've never heard of trying it with
ldap, but that sounds kewl.  maybe you could patch freeipa to support the
concept.  that'd be a nice feature.

I went to read up on LPK and found that they directed me to this:
http://code.google.com/p/openssh-lpk/
They seems to have some RPMs built on fedora that replace the standard
openssh install (not sure how I feel about that personally).

I've always handled my keys by hand, and thus <shameless plug>made a simple
cli ssh key pushing/pulling utility that I called keploy and put out on
http://keploy.googlecode.com</shameless>.

-greg

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list

Reply via email to