13.6 Account Management

The Linux environment offers many techniques for maintaining a coherent set of accounts across a collection of machines. The most common and easiest to administer use network-based account management services. When these techniques are employed, individual machines query a central authorization and authentication service for account information. They are easier to manage because account and authorization information is maintained in a central location. Examples include NIS and LDAP.

Using NIS involves maintaining a central copy of the password, group, and other security-related files on a ypserver. Individual machines that need to reference these security files are configured as yp clients and automatically query a ypserver for data from the security files.

Another technique for maintaining security information involves updating it on the machines in a cluster through a distributed push, pull, or update. The primary advantages of this technique are the performance and reliability of authorization and authentication queries. The main disadvantages include the need to initiate distributed security update procedures. Updates can become complicated if a machine is down during the update process. To overcome this, a combination of push, pull, boot-time refresh, and between-job refresh must be used.
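
The pull side of such a refresh, as an added example that is not part of the original text: a node that was down during a push would run this at boot or between jobs. It assumes a copy of the master's passwd file has already been fetched to a staging path, and the function names are hypothetical; the staged file is validated and renamed into place so a truncated or altered transfer never replaces the live file.

```shell
#!/bin/sh
# Added example (not from the original text). Function names and the idea of
# a "staged" copy fetched from the master beforehand are assumptions.

# valid_passwd FILE: succeed only if FILE is non-empty, every line has the
# 7 colon-separated passwd fields, and the only UID 0 account is "root".
valid_passwd() {
    [ -s "$1" ] || return 1
    awk -F: 'NF != 7 { bad = 1 }
             $3 == 0 { zero++; if ($1 != "root") bad = 1 }
             END     { if (bad || zero != 1) exit 1 }' "$1"
}

# refresh_passwd STAGED LIVE: replace LIVE with STAGED via a rename in the
# same directory, so readers see the old or the new file, never a partial one.
# Prints updated | unchanged | rejected; returns 1 only for rejected.
refresh_passwd() {
    staged=$1; live=$2
    if ! valid_passwd "$staged"; then echo rejected; return 1; fi
    if cmp -s "$staged" "$live"; then echo unchanged; return 0; fi
    tmp=$(mktemp "$live.XXXXXX") || { echo rejected; return 1; }
    if cp "$staged" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$live"; then
        echo updated
    else
        rm -f "$tmp"; echo rejected; return 1
    fi
}

# make_demo DIR: constructed sample data: a live file, a good update, a
# transfer cut off mid-line, and a file with a second UID 0 account.
make_demo() {
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$1/live"
    printf 'root:x:0:0:root:/root:/bin/sh\nana:x:1001:100:Ana:/home/ana:/bin/sh\n' > "$1/good"
    printf 'root:x:0:0:root:/root:/bin/sh\nana:x:10' > "$1/truncated"
    printf 'root:x:0:0:root:/root:/bin/sh\nops:x:0:0:ops:/:/bin/sh\n' > "$1/extra_uid0"
}

# Demo run in a throwaway directory; the last pass shows a repeat is a no-op.
d=$(mktemp -d) && make_demo "$d"
for f in truncated extra_uid0 good good; do
    printf '%s: ' "$f"; refresh_passwd "$d/$f" "$d/live" || true
done
rm -rf "$d"
```

Because a repeated run reports `unchanged`, the same call is safe to schedule at boot and between every job.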



