On 2/7/07, Alan DeKok <aland@deployingradius.com> wrote:
Nick Owen wrote:
I am looking for the best way to provision groups of users for temporary access across multiple servers. The users would be using ssh and sudo. They would be assigned to a group of servers, then removed after the job was complete. There a hundreds of servers involved.
RADIUS may not be a good way to do this, because the users will still need UID's, etc., which RADIUS doesn't supply.
I think we can put the UIDs into our auth server, which supports radius.
I was hoping that the requests would come from the target server to the freeradius box, which would check to see if that user/group had current rights to that server, then proxy the auth request to our auth server to validate the one-time password. -- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/