Unique Authentication needs?

David A. Bandel david.bandel at gmail.com
Tue Jul 8 04:44:33 PDT 2008


On Tue, Jul 8, 2008 at 2:31 AM, Ian Wilson <ian.m.wilson at gmail.com> wrote:
> I've inherited about 70 or so boxes from a non-profit that I do a fair
> amount of volunteer work at;  95% are linux, but there's a few running
> vms and a few running HPUX.

Can you convert the vms/HPUX boxes to Linux?  The HPUX isn't all that
important, as it should support what I will propose below, but the vms
I don't know about.  Do all systems run X?  If so, I think you're
gold.

>
> Currently, it's a "Free-For-All" with everyone having and knowing the
> root password, and general chaos.  Specific "owners" (for example, the
> dining hall) own and manage their systems, requiring root, and other
> groups (Men's health) have strict privacy requirements for maintaining
> records and other goodies.
>
> I'm looking to implement a tiered authentication system, with groups,
> and other goodies, and because of the limitations of VMS and HPUX, I
> think that LDAP is out of the equation.
>
> Is it possible to do what I'm looking for with RADIUS, or should I
> spend some time looking at getting the HPUX and VMS boxes to talk
> LDAP?  Is there a UI (can be web or console based) that can make
> adding/deleting/changing user accounts simple?  (Bonus points if it
> can link to AD.)  Or, should I just go back to bed at 3:30AM?
>
> I'm open to ideas, recommendations, and general complaints.

Here's what I would do (and have done in a school).
One server -- take your best/strongest system and make it a server
with everything needed running on it.  Install/configure X to give
remote logins.

Take all the rest of the machines and they boot up, run X -query <server>.

Now you only have to worry about the server.  It should be RAIDed and
backed up.  Any other box goes down, it can be replaced instantly, no
problem.

All the school systems get DHCP and even boot from the server (not
necessary) so the school systems don't even have hard disks.

Advantages:  speed (the apps load almost instantly once one user has
loaded something big like OpenOffice, the rest pop up _really_ fast --
no more complaints about speed), only one box to administer, the rest
either connect or don't.  Single logins (anyone can log in anywhere
and they have their home directory/their login).

Disadvantages:  requires a good 100Mb network, if the server or
network goes down, _all_ goes down.

I have teachers and staff as group staff (who can print) and a student
group (who can't print).  Server also runs squid and dansguardian
(probably not necessary for you).

Can provide more details as required, but it don't get simpler than
this.  One server, one set of accounts, one system to maintain (not
30) for everyone.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
 - Nemesis Air Racing Team motto
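The server-side half of the setup David describes, as an added example that is not part of the original thread: turning on xdm's XDMCP listener so clients can run `X -query <server>`, and limiting which hosts may request a login screen. It assumes classic xdm with the Debian-style layout under /etc/X11/xdm; the XDM_DIR path and all hostnames are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread: the server-side xdm setup behind
# "X -query <server>". Assumes classic xdm with the Debian-style layout under
# /etc/X11/xdm; the XDM_DIR value and all hostnames are constructed placeholders.

XDM_DIR="${XDM_DIR:-/etc/X11/xdm}"   # placeholder; adjust for your distribution

# xdm ships with "DisplayManager.requestPort: 0", which disables the XDMCP
# listener entirely. Commenting that line out (X resource files use "!")
# lets the server answer the clients' -query requests on UDP 177.
enable_xdmcp() {
    f="$1/xdm-config"
    sed 's/^\(DisplayManager\.requestPort:[[:space:]]*0\)/!\1/' "$f" > "$f.tmp" \
        && mv "$f.tmp" "$f"
}

# Xaccess decides which hosts may request a login screen. The stock file
# allows "*" (any host); this replaces it with an explicit list of the thin
# clients, so only the known diskless boxes are offered an xdm greeter.
write_xaccess() {
    dir=$1; shift
    {
        printf '# thin clients allowed to send XDMCP Direct/Broadcast queries\n'
        for host in "$@"; do
            printf '%s\n' "$host"
        done
    } > "$dir/Xaccess"
}

# Usage on the server (as root), then restart xdm:
#   enable_xdmcp "$XDM_DIR"
#   write_xaccess "$XDM_DIR" lab01.example.lan lab02.example.lan
# Each diskless client then runs the command from the thread: X -query <server>
```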