Linux Central Authentication

aws iam isn't open to managing resource outside of aws was the closest i found and seemed like a giant hac - patching openssh to store keys
The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys.

google authenticator has a cool pam module.. but i need soln that less trendy, more practical

using ldap to centralize account information and using a configuration management tool like chef or puppet to distribute authorized_keys file doesn't seem to allow for the granularity required. Need to be able to limit which users can access which hosts without complicated exception rules in configuration management tool

Arrived at freeipa.


Post a Comment