Password Management Servers


niels

Hey everybody,

at the company I'm working for, the number of servers is climbing very fast nowadays.

Now we're looking for a way to manage access to these server instances. Currently this is done using SSH and PKI, so manually deploying/managing the keys is a hard task.

Also, managing the passwords of the different services on the servers is getting out of control.

Does anybody know a good way of solving this, or some software implementation that could free us from this burden?

I was thinking of maybe using the YubiKey, for authentication.

Thanks a lot in advance.

Regards,

Niels

This approach may not be suitable depending on what the servers are used for. You could set up LDAP and give those who need root sudo.

I did some more investigating on my own.

And I was thinking that a setup like this would work:

Set up an OpenRADIUS or YubiRADIUS server, add all my current servers as RADIUS clients.

Then use a PAM module with ssh so people could log in.

This way I have Authentication, Authorization, and Accounting (AAA), but this has one drawback: I can't manage the privileges of the different users.

Downside is everybody could log in on all the servers, that's something I would like to prevent.

So anybody who has a solution or comment on my idea?

Just exploring these solutions / options / ideas myself, so don't shoot me if I got the facts mixed up :).

But I'm eager to see what comments you guys have.

Does anybody have some experience with IAM systems (Identity and Access Management systems)?
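
The gap raised in the post above (RADIUS confirms who a user is, but every authenticated user can then reach every server) can be checked host by host. The following is an added example, not part of the thread: it assumes `pam_radius_auth.so` as the PAM module and treats sshd's `AllowGroups`/`AllowUsers` or `pam_access.so` as the per-host restriction; the host names and config contents are constructed.

```python
# Constructed sample configs for two hypothetical hosts (not from the thread).
PAM = "auth required pam_radius_auth.so\naccount required pam_unix.so\n"
HOSTS = {
    "web01": {"pam_sshd": PAM, "sshd_config": "UsePAM yes\n# AllowGroups ops\n"},
    "db01": {"pam_sshd": PAM, "sshd_config": "UsePAM yes\nAllowGroups dba sysadmin\n"},
}

def active_lines(text):
    """Yield config lines with comments and blank lines removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def pam_has(pam_text, pam_type, module):
    """True if an active PAM line of the given type loads the module."""
    for line in active_lines(pam_text):
        fields = line.lstrip("-").split()
        if fields and fields[0] == pam_type and module in line:
            return True
    return False

def login_restriction(cfg):
    """Return the per-host restriction in force, or None if there is none.
    Simplification: Match blocks in sshd_config are not evaluated."""
    for line in active_lines(cfg["sshd_config"]):
        fields = line.split(None, 1)
        # sshd_config keywords are case-insensitive.
        if len(fields) == 2 and fields[0].lower() in ("allowgroups", "allowusers"):
            return line
    if pam_has(cfg["pam_sshd"], "account", "pam_access.so"):
        return "pam_access.so (rules in /etc/security/access.conf)"
    return None

def audit(hosts):
    """Map each RADIUS-authenticating host to its restriction or an OPEN finding."""
    findings = {}
    for name, cfg in hosts.items():
        if pam_has(cfg["pam_sshd"], "auth", "pam_radius_auth.so"):
            findings[name] = login_restriction(cfg) or "OPEN: no per-host restriction"
    return findings

if __name__ == "__main__":
    for host, finding in audit(HOSTS).items():
        print(f"{host}: {finding}")
```

On a real fleet the two strings per host would be the contents of `/etc/pam.d/sshd` and `/etc/ssh/sshd_config` collected from each server.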
