SSH certs signed by your own central CA (Most people aren’t aware of it, but OpenSSH can use CA certs), I usually set things up for ansible that way, but, of course, it works just fine for actual users, too (Why no ansible, though? It’s an extremely lightweight option that simply reduces common mistakes).
No Ansible, No LDAP: How to use single sign-on for app/server access across multiple servers
Submitted 3 days ago by poVoq@slrpnk.net to selfhosting@slrpnk.net
https://d1.hackers.moe/notes/no-ansible-no-ldap/
Comments
Arcanoloth@lemmy.ml 3 days ago
belated_frog_pants@beehaw.org 3 days ago
“Give everyone the same username and password” super fast, no need for account management
floquant@lemmy.dbzer0.com 3 days ago
How do y’all feel about FreeIPA? I deployed it a couple of times and I quite like it, but it’s not something you can whip up in an hour or two. The list of gotchas and “deployment considerations” all but guarantees you’ll have to reinstall the server at least a couple of times.
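
The SSH CA approach described in the comment at the top of this page, as an added example that is not part of any commenter's post: a user CA signs a short-lived OpenSSH certificate, and the result is inspected. The file names, key ID, principals and the `/etc/ssh/user_ca.pub` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: user CA + short-lived OpenSSH user certificate.
# File names, key ID, principals and paths are constructed for illustration.
set -eu

# Create a CA key pair and one user key pair under directory $1.
# In production the CA private key stays on a dedicated, offline signing host.
make_keys() {
    ssh-keygen -q -t ed25519 -N '' -C 'example user CA' -f "$1/user_ca"
    ssh-keygen -q -t ed25519 -N '' -C 'alice@laptop'    -f "$1/id_alice"
}

# Sign $1/id_alice.pub with the CA; writes $1/id_alice-cert.pub.
#   -I  key ID, recorded by sshd when the certificate is used
#   -n  principals: the account names this certificate may log in as
#   -V  validity window; an expired certificate is rejected
#   -z  serial number, so a single certificate can be revoked later
sign_user_key() {
    ssh-keygen -q -s "$1/user_ca" -I 'alice-example-0001' \
        -n 'alice,deploy' -V '+8h' -z 1 "$1/id_alice.pub"
}

# Print the line(s) of the decoded certificate containing string $2.
cert_field() {
    ssh-keygen -L -f "$1/id_alice-cert.pub" | grep -F "$2"
}

# Server side: the sshd_config line that trusts the CA public key at $1.
# With no AuthorizedPrincipalsFile set, the login name must be one of the
# certificate's principals.
sshd_snippet() {
    printf 'TrustedUserCAKeys %s\n' "$1"
}

demo() {
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    make_keys "$dir"
    sign_user_key "$dir"
    ssh-keygen -L -f "$dir/id_alice-cert.pub"   # review before handing out
    sshd_snippet /etc/ssh/user_ca.pub
}

demo
```

Only the CA public key is copied to servers; no per-user `authorized_keys` entries are needed, and access lapses on its own when the validity window ends.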