Identity management for the small (research, academic, business) workgroup

Peter St. Onge

Small workgroups (5-20 users) present unusual challenges in system administration, particularly in environments that experience user churn. With too many users for one-off machine management, but too few to justify "Enterprise" identity management approaches, we often resort to the most immediate fix for the immediate problem: get the user an account on the system so that they can do useful work in a timely manner, and so that we can get back to the other activities that best help our user group, employer, etc.

Post-hoc analysis of significant information security breaches (e.g., HBGary Federal) shows that identity management generally, and username/password management in particular, is an often-exploited avenue of attack into information systems. Leveraging existing institutional authentication services reduces the user's workload (one less username/password to remember), reduces sysadmin support load (password changes are handled institutionally), and ultimately improves information security: not only do fewer systems hold passwords locally, but the user can also choose a better, stronger password with less concern about forgetting it.

This tutorial will focus on leveraging existing institutional authentication facilities where they are available, and on minimizing the work required where they are not. It is especially aimed at the neophyte Linux system administrator.

