I'd suggest starting with trying to create a permanent tunnel (VPN or similar) back to your own network. That way, you continue to enjoy the benefits of centralized credential management.
That said, I'm presently toying with a similar problem for spinning up servers in Amazon's cloud, and not sure if the network people will let me set up a permanent tunnel, so I'm interested in seeing alternatives. I'm actually considering treating it as its own domain, complete with its own AD/LDAP environment that isn't connected to our main one. True, it's one additional place to manage passwords, but it's one place for all the servers there, instead of on a per-server basis.

David Smith

From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Graham Dunn
Sent: Friday, February 07, 2014 9:05 AM
To: LOPSA Technical Discussions
Subject: [lopsa-tech] Managing centralized userids on machines that are not "local"

Hi,

So we're using LDAP/AD pam modules to provide user logins on our Linux boxen that are inside our network, but what are people doing for "remote" (i.e. colo, DMZ, etc.) servers?

Generating /etc/passwd locally, then shipping it across via scp or somesuch, or setting up a tunnel back into the local network were two things I thought about; are there other approaches?

Thanks,
Graham
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/