What's wrong with LDAP for users? (I'm trying to think of a negative, and can't).
Yet another service to maintain. If the server is crashing you can't log in, so you need backup UNIX users anyways.
You need backup local admin accounts, not backups for each user.
Which is how enterprise does things. There are local accounts with root access, but the IDs and passwords are tightly controlled.
Then you don't understand how it works with local auth services.
Would you mind educating us plebs then? I had a similar question to OP, and I can assure you, I definitely don't understand local auth services the way I probably should.
Your local auth services are configured to use LDAP as a source; whatever your local auth mechanism is checks credentials, and then you're auth'd or not. Some distros have easy-to-use interfaces to configure this, some don't, but mostly it's just configuring pam.d (for Linux), and a caching daemon of some sort to keep locally cached copies of the shadow info so you can auth when the LDAP server can't be contacted (if you've previously authenticated once). You can set up many different authentication sources and backends as well, and set their preferences, restrictions, options, etc.
RHEL/Fedora examples: https://www.redhat.com/sysadmin/pam-authconfig
Debian examples: https://wiki.debian.org/LDAP/PAM
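A configuration sketch of the cached-credentials setup described in the comment above, added here as an example and not taken from the thread. It assumes SSSD as the caching daemon (the comment does not name one); the domain name, LDAP URI, search base and CA path are placeholders.

```ini
# /etc/sssd/sssd.conf -- keep it root-owned with mode 0600.
# All hostnames, DNs and paths below are placeholders.

[sssd]
services = nss, pam
domains = example

[domain/example]
# Look up users and check passwords against the LDAP directory.
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com

# Refuse to talk to a server whose certificate does not validate.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/example-ca.pem

# After a successful online login, keep a salted hash of the password
# locally so the same user can log in while the LDAP server is unreachable.
# Users who have never logged in on this host have nothing cached.
cache_credentials = True

[pam]
# Days a cached credential stays usable after the last online login.
# The default of 0 means cached logins never expire.
offline_credentials_expiration = 3

# Throttle password guessing against the local cache while offline:
# lock offline login after 5 failures, for 10 minutes.
offline_failed_login_attempts = 5
offline_failed_login_delay = 10
```

With `passwd: files sss` (and the matching `shadow` and `group` lines) in `/etc/nsswitch.conf`, local accounts are resolved before SSSD, so a tightly controlled local admin account keeps working on hosts where no LDAP user has a cached login.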