User Authentication – How to Handle Centralized Authentication Without LDAP

Tags: ldap, nss, pam, user-management

I'm attempting to create a centralized database for my users for my server and web accesses, so that I can allow those users to log in through ssh if they have access, and through my web services to view their account and system information.

I've read about LDAP, but I want to be able to manage the users in a different database such as Postgresql so I can more easily tie the database into my web services, and control the SQL migrations and schemas if I need more user details.

I looked into something like Puppet, but it's a little too much for what I'm looking to do, and I don't need to manage multiple servers at the moment. I tried to research how Puppet handles server user auth but I didn't find too much information.

My question: Is there a way to create a centralized database of user information in something other than LDAP, such as Postgres, that I can use to authenticate ssh and web users against?

Best Answer

Yes.

System authentication on Linux and UNIX systems has been done through PAM, Pluggable Authentication Modules, for decades.

The PAM principle is that if you want to use a new authentication back-end you don't need to recompile all applications that use authentication, such as system auth, ssh, ftp, telnet, sudo, etc. Simply load the correct module and everything that uses PAM can automatically use the new authentication back-end.

So if your applications use PAM (and many, many do), and a PAM module for your alternate user/authentication store either already exists or you can create one, you're done.

pam-pgsql is one such PAM module; it uses a table in a PostgreSQL database. That would make integration with web applications easy as well, or you could use the PAM integration of your webserver for authenticated access.

In addition some applications have native integration with database backends, outside of PAM.
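As an added illustration of the setup the answer describes (not part of the original answer), here is what wiring sshd to a PostgreSQL user table through pam_pgsql looks like. The database name, host, role, table and column names are assumed; the option keys follow the pam_pgsql.conf format pam-pgsql documents, so check them against the example file shipped with your installed version.

```text
# /etc/pam.d/sshd (fragment)
# Try the PostgreSQL-backed module first; fall back to local accounts so
# root and rescue logins keep working if the database is unreachable.
auth     sufficient pam_pgsql.so
auth     required   pam_unix.so
account  sufficient pam_pgsql.so
account  required   pam_unix.so
# No password stack here: let the web application own password changes,
# writing hashes in the same format PAM verifies (see pw_type below).

# /etc/pam_pgsql.conf -- holds database credentials, so keep it root-only (mode 0600)
database       = authdb                      # assumed database name
host           = db.internal.example         # assumed host
user           = pamreader                   # assumed low-privilege DB role: SELECT only
password       = <DB_PASSWORD_PLACEHOLDER>   # placeholder, not a real credential
table          = accounts                    # assumed table
user_column    = login                       # assumed column holding the login name
pwd_column     = password_hash               # assumed column holding the crypt(3) hash
expired_column = disabled                    # assumed boolean: true blocks the account
pw_type        = crypt                       # column stores crypt(3)-style hashes, never cleartext

# Caveats for sshd: sshd_config needs "UsePAM yes", and PAM only answers
# "is this password right"; the login name must also resolve through NSS
# (nss-pgsql against the same table, or a matching local passwd entry) or
# sshd will reject the user before PAM is consulted.
```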
