@craig0990 with all the configuration management we have nowadays, I sometimes wonder if it's really necessary anymore. Adding a user to 1000 systems is about as easy as adding the user to one system... At least with Linux and ansible/puppet/chef etc. Good configuration management can solve this problem.
@charims @craig0990 I worked at a company where they used puppet to install your "user package" and SSH keys on every machine you needed access to. If you only needed an SSH key, that'd be one thing, but you still needed a randomly generated password (PGP encrypted and sent to your e-mail) to sudo; so on password rotations you'd still have to update your password on every machine. The admins advocated against LDAP because ...reasons? It turned into a terrible fucking holy war. You do need LDAP/krb!
@charims The actual LDAP protocols and LDIFs themselves aren't too bad, and you can find libraries that are small, but once you try to tackle AD or have LDAP replication or add on Kerberos or anything else, it does blow up into a beast. It's not as bad as SOAP, which is not Simple at all, but I see @craig0990's point.
I now have #keycloak running for OIDC, which in turn is now fronting OpenLDAP, but oh my word is LDAP the more esoteric of the two.
I think I understand that if you're used to this it's second nature, but as a newcomer, it's incredibly opaque. And people call #oauth complicated 😓😅
@djsumdog @craig0990 idk, seems like it's possible to distribute your password hash for the shadow file to every system. This would let CM update your password everywhere. Yes, admins would have access to your hash, but they already do in the /etc/shadow file...
If you really need a solution, IPA (and M$ AD as much as I despise it) seems to do a good job if you need LDAP/kerb. I guess it depends on the size of your team of course. But # of systems shouldn't matter anymore.