From: Michael DeSimone (michael@desimone.net)
Date: Fri Feb 11 2005 - 12:45:28 EST
Hello Gurus,
I have a number of developers who *absolutely must have* access to our
production systems ~60 Suns all on Solaris 8. The 6 development through
staging environments are not enough. Currently they all use a couple of
shared accounts. I have finally (after more then a year - this practice
was one of the first things I complained about) received approval to
revamp our ID management system (currently simple machine level passwd
file), I guess management got tired of developers accidentally changing,
removing and bouncing production apps. I was considering doing an LDAP
based authentication scheme. I have found a number of docs on how to do
this but not much information on experiences. If any one has
implemented this or has decided against it for some reason(s) I would
appreciate it if you could share your experience. If anyone thinks using
something else would be better suited to my needs I would appreciate
your input as well. I have listed my top issues below. I will summarize.
Thanks for your time.
Accounts for 50+ individuals who only need permission *to look at
things*, essentially read only access to most file systems
Accounts that can only be su'd to from root (or other, specific
accounts) and can not be logged into from anywhere but still have a
fully functioning shell
Centralized management of user IDs and groups
Thanks again,
michael
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:10 EDT