Security Basics mailing list archives

Re: How to manage passwords of lots of server?


From: Nick Owen <nickowen () mindspring com>
Date: Thu, 22 May 2008 10:09:46 -0400

MontyRee wrote:
> Hello list..
> Please share your valuable experience. I have operated thousands of Linux and W2K servers in the datacenter.
> So if I want to change the admin (root) password, it is actually impossible..
> (because there are so many servers..)
>
> Mainly I use SSH on Linux and Terminal Server on Windows servers for remote login.
> So is there any good method or solution to solve this problem?
> How about RADIUS? Is it the best solution in my case?
> Then, has anyone used RADIUS (free or commercial) well in this environment?

RADIUS is a great solution for this, IMO. It is much simpler than LDAP for authentication (as LDAP is designed to do much more).

Use PAM-radius for SSH and IAS for Microsoft. Configure a centralized server and point the boxes to it. If the users are in AD, then use IAS. If the users are in LDAP, then look at FreeRADIUS. RADIUS will also proxy to other RADIUS servers, which you will need if you want to do two-factor authentication down the road.

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
404-962-8983 (desk)
http://www.wikidsystems.com
Two-factor authentication, without the hassle factor.
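
With thousands of hosts, "point the boxes to it" is worth verifying per host. The script below is an added example, not part of the original message: it audits one Linux host's sshd PAM file (typically /etc/pam.d/sshd) and its pam_radius client config, whose path varies by distribution. The function name, server hostname and secret are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit one host's sshd/pam_radius files.
# Usage: check_radius_host PAM_SSHD_FILE PAM_RADIUS_CONF CENTRAL_SERVER
# Prints each finding and returns the number of problems found (0 = OK).
check_radius_host() {
    pam_file=$1 conf=$2 want=$3 problems=0

    # 1. sshd's PAM auth stack must contain an uncommented pam_radius_auth.so line.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]].*pam_radius_auth\.so' "$pam_file"; then
        echo "FAIL: no auth line for pam_radius_auth.so in $pam_file"
        problems=$((problems + 1))
    fi

    # 2. The client config (lines of: server[:port] shared_secret [timeout])
    #    must point at the central RADIUS server.
    if ! awk -v s="$want" '!/^[[:space:]]*#/ && NF >= 2 {
             split($1, a, ":"); if (a[1] == s) found = 1 }
             END { exit !found }' "$conf"; then
        echo "FAIL: $conf does not list server $want"
        problems=$((problems + 1))
    fi

    # 3. The literal shared secret "secret" is treated as an unchanged placeholder.
    if awk '!/^[[:space:]]*#/ && $2 == "secret" { bad = 1 } END { exit !bad }' "$conf"; then
        echo "FAIL: $conf uses the placeholder shared secret"
        problems=$((problems + 1))
    fi

    # 4. The file holds the shared secret: no group/other permission bits allowed.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $conf is accessible to group/other"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files for a demo run (hostname and secret are made up).
demo=$(mktemp -d)
printf 'auth sufficient pam_radius_auth.so\nauth required pam_unix.so\n' > "$demo/sshd"
printf '# server[:port] secret timeout\nradius.example.internal:1812 s3cr3t-constructed 3\n' > "$demo/conf"
chmod 600 "$demo/conf"
check_radius_host "$demo/sshd" "$demo/conf" radius.example.internal && echo "OK: host points at central RADIUS"
rm -rf "$demo"
```

The check covers only the PAM and client-config side; sshd itself must also be configured to use PAM for the RADIUS line to take effect.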