Skip site navigation (1) Skip section navigation (2)

Re: authentication services

From: Mark Wong <markw(at)osdl(dot)org>
To: Selena Deckelmann <selena(at)chrisking(dot)com>
Cc: pdxpug(at)postgresql(dot)org
Subject: Re: authentication services
Date: 2006-10-19 23:07:21
Message-ID: 45380529.5060301@osdl.org (view raw or flat)
Thread:
Lists: pdxpug
Selena Deckelmann wrote:
> 
> On Oct 19, 2006, at 3:21 PM, Mark Wong wrote:
> 
>> It sounded like a few people had authentication services experiences 
>> so I wanted to ask for some advice.  I have more than a half dozen 
>> systems I use for testing and that I share with other users when they 
>> want to get onto the systems.  Does it make sense to use a service 
>> like ldap to manage the system (linux) users as well as the database 
>> users?  Or am I asking for more work than it's worth?
> 
> It definitely makes sense. Centralizing your authentication data makes 
> it way easier to maintain (to remove a user, you delete/disable it in 
> *one* place!), and makes the life of your users way nicer (fewer 
> passwords to misplace, mistype, misremember).  You'll still have to 
> create new users on each of your database clusters, but it would be 
> pretty easy to automate this from a central LDAP server.
> 
> Would you have to maintain the LDAP server yourself, or could you use 
> someone else's server?  I'd recommend the latter if you can swing it.  
> They'd set up a separate subtree for you, and hopefully they'd have 
> their own user creation system you could use.

I'd have to do it myself.  We had ndis at one point but I think it's 
gone now without anything to replace it.

> If you're interested in maintaining your own LDAP server, you'll just 
> need to spend a little time learning the tools and writing a few scripts 
> to automate add/delete users and group memberships.  Or maybe there are 
> some good LDAP mgmt tools out there now: 
> http://www.linuxtopia.org/HowToGuides/how_to_configure_LDAP/graphicaltools.html 

I'm interested in not having to manage users. ;)  I'll take a look, if 
it's not much work I don't mind doing it.

Mark

In response to

pdxpug by date

Next:From: Selena DeckelmannDate: 2006-10-19 23:07:40
Subject: Re: authentication services
Previous:From: Selena DeckelmannDate: 2006-10-19 22:47:01
Subject: Re: authentication services

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group