UNIX Password, Roles & Node Management
Password Management's original purpose was to safely update
UNIX /etc/passwd and /etc/shadow files across multiple
homogeneous environments for a number of users in a
homogeneous OS installation. It's evolved to do more than
that, but it's still pretty good at this original goal.
It's currently in use at Covad Communications for the
following tasks:
- Production user management (its original goal)
  - This is a roles-based user assignment: login names in roles
    files, role assignments in an environment tree, and environment
    assignments to individual nodes are meshed together to generate
    passwd(4), shadow(4), and sudoers(5) files on a per-node basis.
  - passwd/shadow/sudoers triplets are transferred sanely and
    safely to nodes. Transfers are done via SSH.
- Inventory management, from which the following is derived:
  - hardware, OS and software audits
  - monitoring
  - capacity planning
  - configuration management
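The role, environment and node resolution described under production user management can be sketched as follows. This is an added example, not code from the project: the data layout, all sample names, and the assumption that a node inherits roles from parent environments in the tree are hypothetical.

```python
import re

# Constructed sample data. The layout is an assumption for illustration,
# not the project's roles/environment/node file formats.
ROLES = {  # role -> member logins, and whether the role grants sudo
    "sysadmin": {"logins": ["alice", "bob"], "sudo": True},
    "dba": {"logins": ["carol"], "sudo": False},
    "oncall": {"logins": ["bob", "dave"], "sudo": False},
}
ENV_TREE = {  # environment -> (parent environment, roles assigned here)
    "prod": (None, ["sysadmin"]),
    "prod/db": ("prod", ["dba"]),
    "prod/web": ("prod", ["oncall"]),
}
NODES = {"db01": "prod/db", "web01": "prod/web"}  # node -> environment
USERS = {  # login -> (uid, gid, shell)
    "alice": (1001, 100, "/bin/sh"), "bob": (1002, 100, "/bin/sh"),
    "carol": (1003, 100, "/bin/sh"), "dave": (1004, 100, "/bin/sh"),
}
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
LOCKED = "*LK*"  # constructed placeholder, not a real password hash


def roles_for_env(env):
    """Collect roles from env up to the root (inheritance is assumed)."""
    roles, seen = [], set()
    while env is not None:
        if env in seen:
            raise ValueError(f"cycle in environment tree at {env!r}")
        seen.add(env)
        parent, assigned = ENV_TREE[env]
        roles += [r for r in assigned if r not in roles]
        env = parent
    return roles


def build_node(node):
    """Return the passwd, shadow and sudoers lines for one node."""
    roles = roles_for_env(NODES[node])
    logins = sorted({l for r in roles for l in ROLES[r]["logins"]})
    admins = sorted({l for r in roles if ROLES[r]["sudo"] for l in ROLES[r]["logins"]})
    for login in logins:  # a ':' or newline in a name would inject fields
        if not LOGIN_RE.fullmatch(login):
            raise ValueError(f"unsafe login name {login!r}")
    passwd = ["%s:x:%d:%d::/home/%s:%s" % (l, *USERS[l][:2], l, USERS[l][2]) for l in logins]
    shadow = [":".join([l, LOCKED] + [""] * 7) for l in logins]
    sudoers = [f"{l} ALL=(ALL) ALL" for l in admins]
    return {"passwd": passwd, "shadow": shadow, "sudoers": sudoers}
```

Validating login names before they are written matters because all three files are colon- or line-delimited, so a malformed name in a roles file could otherwise add fields or whole entries on every node that receives the triplet.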
The original author is Jonathan Gilbert (jgilbert at covad dot com, now jong at jong dot org),
with substantial contributions by the following:
- Andy Miller (amiller at covad dot com)
- Ben Lee (blee at covad dot com)
- Frank Stutz (fstutz at covad dot com)
- Kumar Pattukkottai (kumarp at covad dot com)
- Patrick Hess (phess at covad dot com)
- Sven Sjoberg (svens at covad dot com)
On 10/07/2005, immediately following the roles merge, the
code was branched into a "public_root" tree. That
tree is what you're reading from right now. It contains a
slightly sanitized copy of the codebase (the Covad-specific
settings and workarounds are removed, and most
of the foul language has been deleted - sorry). Following
sanitization it was uploaded to the public for use, modification,
extension, whatever - it's out under the Apache 2.0
OSS license. Have a ball with it.
Download
You can get a copy of it via the sf.net download page.
Documentation
...such as it is, is listed here.
RFE, Bug Reports, Questions
...should be directed to the appropriate sf.net project sections: