Simple, centralized user management on a small LAN – NIS or LDAP?

einpoklum asked:

I’m setting up a small LAN for my team. It will, for all intents and purposes, not be connected to any external networks. I would like it to have centralized control of user accounts (at least, I think I’d like that; I’m also considering using Puppet, so theoretically I could just push /etc/passwd changes, or something). The number of machines is fixed, but not very small. Mostly they’re ‘attached’ to a single user, but sometimes people work remotely on someone else’s box; and there are a couple of servers.

I’ve read this question, but my scenario is much simpler (even simpler than in this question) and I’d like to do something (relatively) quick, with not much hassle, but not a dirty totally-insecure hack. Is NIS relevant for my scenario? If not, what’s the most hassle-free way to set up LDAP (or LDAP+Kerberos) to achieve the same?


  • I have no experience with setting up either NIS or LDAP.
  • We use Debian-flavored Linux distributions, mainly Kubuntu 12.04 (not my choice, but that’s the way it is).

My answer:

I don’t think anybody uses NIS anymore – or at least, wants to.

The fastest and easiest way to get a nice LDAP+Kerberos environment up is FreeIPA. It’s easy and light enough that I even use it at home.

Red Hat’s Identity Management Guide is a great introduction to FreeIPA and will get you up and running quickly.

Note that while Ubuntu has FreeIPA, the version in 12.04 LTS is older and may have bugs or missing features compared to more recent versions.

View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.