[Moved] Identity Crisis


Having done it for the last 18 years off and on, I can speak with a certain gravitas and authority when I say user provisioning sucks. I'm not belittling it; identity and access management is the foundation for every good network. It is critical for ensuring proper security and controls. Sadly, it's just not all that fun to keep up with all the time. The distributed nature of UNIX and Linux can add real headaches when trying to present a consistent login experience for users and to manage.

That's where Enterprise Directories really can be helpful. These databases can help off-load the administrivia that comes with system management and ensure security is enforced where you need it. Directories come in all sizes and flavours. At their most "basic" levels, RHEL can outsource its security to an LDAP server. Be aware there are some differences between RHEL versions in how to do this, but here are a few good articles to get you started:

   How do I configure Red Hat Enterprise Linux 6 machine as an LDAP Client?

     https://access.redhat.com/site/solutions/62794

 

   For using LDAP, what of SSSD/nscd/nslcd/sudo should I use for authentication on RHEL6?

     https://access.redhat.com/site/solutions/55840

 

"LDAP" can be a lot of things: it could be an OpenLDAP server, it could be a 3rd party vendor's product, or it could be Active Directory. For those of you that have AD in your environment (ha. a joke, I know) there are some further enhancements and hooks that can be set up:

 

   Introductory concepts when integrating Red Hat Enterprise Linux with Active Directory

     https://access.redhat.com/site/solutions/17827

 

   How do I authenticate RHEL to Active Directory using sssd?

     https://access.redhat.com/site/solutions/43646

 

   How to join Red Hat Enterprise Linux 6 to Microsoft Windows Active Directory 2003 domain using Kerberos and samba/winbind method?

     https://access.redhat.com/site/solutions/67432

 

For RHEL we've got a complete guide to Identity Management that you might find helpful:

     https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

 

Now for an all Red Hat solution, we have a GREAT Directory Server product that lots of folks use. Details about it can be found here:

   https://access.redhat.com/site/documentation/Red_Hat_Directory_Server/

 

So hopefully some of this data can make your data a little less sucky, and take some of the burden of user management off of your shoulders. Let us know if you're using an Enterprise Directory and if you have any helpful suggestions here for the Community that could help someone else make their lives easier!
