Sharing users among few hosts
Hi. I want to have several hosts, sharing the same Users Accounts database. i.e, user John will be able to seamlessly login to host1 or to host2, without having to manually config John's credentials unto each machine. Nothing more than that... LDAP seems like the solution, however, I tried to find an easy tutorial and understood that maybe it's a little bit overkill for my humble requirements. I've read about RH Identity Management ( https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html ) It seemed interesting; but its DNS requirements are a little bit too complicated for scenerio (having the IDM server's public IP properly configured DNS record). Am I missing something? There must be simpler way... Thanks, Zvika
Re: Sharing users among few hosts
If you wanted to avoid DNS, then you can *temporarily* achieve that on RH Identity Management by updating the /etc/hosts files on the server and client nodes. -Tam On Mon, Feb 17, 2014 at 6:57 AM, צביקה הרמתי haramaty.zv...@gmail.comwrote: Hi. I want to have several hosts, sharing the same Users Accounts database. i.e, user John will be able to seamlessly login to host1 or to host2, without having to manually config John's credentials unto each machine. Nothing more than that... LDAP seems like the solution, however, I tried to find an easy tutorial and understood that maybe it's a little bit overkill for my humble requirements. I've read about RH Identity Management ( https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html ) It seemed interesting; but its DNS requirements are a little bit too complicated for scenerio (having the IDM server's public IP properly configured DNS record). Am I missing something? There must be simpler way... Thanks, Zvika
Re: Sharing users among few hosts
Btw, if security isn't your main concern, then have a look at NIS. -Tam On Mon, Feb 17, 2014 at 6:57 AM, צביקה הרמתי haramaty.zv...@gmail.comwrote: Hi. I want to have several hosts, sharing the same Users Accounts database. i.e, user John will be able to seamlessly login to host1 or to host2, without having to manually config John's credentials unto each machine. Nothing more than that... LDAP seems like the solution, however, I tried to find an easy tutorial and understood that maybe it's a little bit overkill for my humble requirements. I've read about RH Identity Management ( https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html ) It seemed interesting; but its DNS requirements are a little bit too complicated for scenerio (having the IDM server's public IP properly configured DNS record). Am I missing something? There must be simpler way... Thanks, Zvika
Re: Sharing users among few hosts
TLS/SSL won't work correctly if you use the /etc/hosts file. That is the real constraint with LDAP and DNS.But its not that severe all you need to be able to do is forward and reverse lookup the host name and match it to the IP address.You do not really need the SRV records. As long as the name in the cert matches the DNS A record for the hostname(s) and the reverse lookup of the resulting IP also matches the hostname(s) in the cert you are good.One other option is you don't really need the passwords in the LDAP database you can put it in Kerberos then you don't have to worry about clear text passwords at all and there are no DNS requirements.It takes a out 15 minutes to set up a Kerberos server and only about an hour to setup 389 server (a.k.a Red Hat Directory servera.k.a. Netscape Directory Server) from scratch to use Kerberos Auth.Then on your client configs you specify the IP addresses instead of the host names.-- Sent from my HP Pre3On Feb 17, 2014 9:09, Tam Nguyen tam8gu...@gmail.com wrote: If you wanted to avoid DNS, then you can *temporarily* achieve that on RH Identity Management by updating the /etc/hosts files on the server and client nodes. -Tam On Mon, Feb 17, 2014 at 6:57 AM, צביקה הרמתי haramaty.zv...@gmail.com wrote: Hi.I want to have several hosts, sharing the same Users Accounts database. i.e, user John will be able to seamlessly login to host1 or to host2, without having to manually config Johns credentials unto each machine. Nothing more than that...LDAP seems like the solution, however, I tried to find an easy tutorial and understood that maybe its a little bit overkill for my humble requirements. Ive read about RH Identity Management (https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html) It seemed interesting; but its DNS requirements are a little bit too complicated for scenerio (having the IDM servers public IP properly configured DNS record). Am I missing something?There must be simpler way...Thanks,Zvika
