Unix – Options for Centralizing User Management

ldap unix user-management

We have 15 Debian servers and growing.

What's a simple, lightweight method for centralizing user management? Use cases would be adding a user across all servers, tweaking a user's access on a specific server(s), removing a user from all servers.

LDAP is an option but seems too full on for my needs. I'd rather something with the simplicity of useradd/groupadd, just spread across multiple machines. Web interface would be nice but not necessary. Git interface could be really cool.

Best Answer

There are several options, but it largely depends on your goals. LDAP is a lot more "light-weight" than you think. Its name is "Lightweight Directory Access Protocol" after all. A lot of its "bulk" comes in when you add extra stuff to it. Of course, you can use almost anything to centralize authentication when it comes to *nix-flavored OSes with PAM. Even a flat-text file if you so choose. Kerberos is another option... RADIUS... Samba/Active Directory... the list goes on. The biggest question is... how much do you want it to do... and what do you want from it?