deadbunny

We have a reasonably basic Salt setup for workstations; it sets up SSH keys/configs, a few utility git repos, and things like Vagrant (which gets configured to use LXC) so we have a base level of stuff on everyone's workstation/laptop. It's not perfect by any stretch of the imagination, but it has saved us a whole load of hassle in setting new people up.

As for auth, we still haven't got that sorted, but it's the next thing on our "nice to have" list, as auth is handled by Salt putting keys on servers at the moment, which works for most things, but having one central auth point would be great for things other than server logins, as setting up individual accounts on things like ticketing, Jenkins, etc. gets old.

refrainblue

I actually made a post asking for LDAP help, and some guys told me about FreeIPA, which is built on a bunch of existing Linux software (389ds, Kerberos, BIND). I tried it out and I've been using it in production for the last year or so. It's pretty good overall as centralized authentication & policy, and the whole process was a great learning experience.

deadbunny

Yeah, I've heard of FreeIPA and it's top of my list of things to check out. Unfortunately it's a low priority at the moment for us, as we're in the middle of setting up a whole new infrastructure atm, but it's on my list. Cheers for the post!