UNIX Password, Roles & Node Management: Basic Overview
UNIX Password, Roles & Node Management (or just Password Management, as it's more commonly known) is a collection of perl5 scripts and modules that automate the creation and transfer of passwd(4), shadow(4), and sudoers(3c) files to one or more nodes. In addition to your basic role-based user management, it provides a common HTTP-based REST-style API that allows you to programmatically access everything there is to know about a node or group of nodes.
If you find yourself in a situation similar to the following, then you might benefit greatly by using Password Management:
passwd(4) files at the time seemed like the right answer.
passwd(4) style map to pull from. It's important to note that Password Management isn't going to create a system to manage users for you; that's not its purpose, and it's unlikely that it will ever evolve into such a beast. Password Management fulfills the need to quickly and reliably install users from your central user system onto N nodes (where N may be a very large number).
If you've already got an installed system for replicating out user accounts, and you're comfortable with it, then (from an operational view) I don't advocate switching.
If you're running a centralized user system (like NIS) and it extends onto the nodes you're planning to manage with Password Management, then you absolutely should not use this software. (As always, there are exceptions, and they'll most likely be covered somewhere in this documentation, but you might be asking for more trouble than it's worth.)
I certainly think so! It's been in use now for over 4 years at Covad, and gets better each iteration. Password Management indexes at last count over 950 individual nodes in "active" inventory (plus a few dozen in "inactive" inventory), and manages the user installation for each one of them. Great pains have been taken to ensure that updates are atomic and not destructive, turning what used to be a management nightmare into an afterthought atop which almost all of Covad's production systems tools and services are built. If you opt to keep all your configuration under a revision system, you also have an easy rollback method, in case you add or remove a login to a node by mistake.
That's a pretty open-ended question. You can break it down below:
crypt(3c) or MD5 checksums). So, it really has no idea what a user's password will be.
The following platforms have been fully tested. Anything else is, well, suspect:
Major portions of this code project are:
Copyright (C) 2002-2005 Covad Communications Group, Inc.
...without whom this would not exist.
All of this code project is:
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
...except for the block that is the Digest::Perl::MD5 manpage. See the Notice section below.
This software contains portions of the Digest-Perl-MD5-1.5 perl5 module, released 2000-09-19 by Christian Lackas, Imperia Software Solutions. The module, in its entirety, can be found via CPAN at
http://search.cpan.org/~delta/Digest-Perl-MD5-1.5/
This software contains code derived from the RSA Data Security Inc. MD5 Message-Digest Algorithm, including various modifications by Spyglass Inc., Carnegie Mellon University, and Bell Communications Research, Inc (Bellcore). These portions are Copyright (C) 1991-1992 RSA Data Security Inc. Created 1991. All rights reserved.
perl(1), ssh(1), passwd(4), shadow(4), sudoers(5)
Jonathan Gilbert <jong@jong.org>
$Id: pwman_docs_basics.pod,v 1.2 2005/10/20 08:46:34 jgilbertsjc Exp $