Chef-ing a few key sysadmin accounts and using caching for client accounts
seems fine. Most of them never log in directly to the boxes anyway; they
poke me to fix things for them. This would be helpful for delegating
non-critical things via web APIs, though.

--
~*~ StormeRider ~*~

"Every world needs its heroes [...] They inspire us to be better than we
are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

On Sat, Nov 1, 2014 at 8:45 PM, Mark McCullough <[email protected]> wrote:

> I would be very cautious about putting your authentication framework for
> your internal systems in a remote (i.e. cloud) service.  That methodology
> seems to be asking for trouble:  security, stability, performance, you name
> it.
>
> Before I would go that route, I'd ask yourself, what is your expectation
> for availability for your authentication framework?  I'm cynical of caching
> as a be-all answer for all (okay, many) shops when it comes to
> authorization and authentication.
>
> Could I be overly paranoid?  Of course.  But we are talking about a core
> security framework for your network.  A little extra paranoia may be
> worthwhile.
>
> > On 2014 Nov 1, at 19:39, Morgan Blackthorne <[email protected]> wrote:
> >
> > ... How did I miss that AWS was doing that? Thanks, Yves. Poking around
> > at that now.
> >
> > On Sat, Nov 1, 2014 at 7:23 PM, Yves Dorfsman <[email protected]> wrote:
> > On 2014-11-01 20:13, Morgan Blackthorne wrote:
> >> I may have spoken too soon. Everything I'm finding shows that Azure Active
> >> Directory is more for web apps and native Azure ACLs than it is a true AD
> >> service; i.e., no LDAP access, etc. It's more equivalent to IAM.
> >>
> >> Anything else like that out there?
> >
> > http://aws.amazon.com/directoryservice/
> >
> > --
> > Yves.
> > _______________________________________________
> > Discuss mailing list
> > [email protected]
> > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> > This list provided by the League of Professional System Administrators
> > http://lopsa.org/
>
>
> ----
> "The speed of communications is wondrous to behold. It is also true that
> speed can multiply the distribution of information that we know to be
> untrue." Edward R Murrow (1964)
>
> Mark McCullough
> [email protected]