FreeIPA - Linux SSO

User management in Linux is a tricky beast... it starts creeping up on you when
your company starts growing and the number of people working on servers and such
starts piling up.

All those people need access to resources. In the days before containers and
serverless tech, with just plain old servers, developers had to have access to
see logs, check if something was misconfigured and stuff like that.

So how do you control access to resources? Make a non-sudo account on a server
and let them go on their merry way. It's just a simple task that takes you about
a minute of work, and doing it for a couple of people is no biggie.

But as I've said, a lot of simple and easy things can hurt you when your company
starts to grow in technical people and user requests just keep coming up.


You could do it by hand, or maybe automate it?
A good tool for automation is of course Ansible, and that way you can create a
user account on a bunch of servers very quickly. For a small number of
developers that's a pretty good solution.

But after a while (as more and more developers get hired) you would like to have
some nicer things (to make life easier), like giving a group of people the same
privileges (read, write, execute), and for that you need something different.

FreeIPA to the rescue
FreeIPA [https://www.freeipa.org/page/About] is similar to Microsoft AD. It's
used for user management on Linux machines, and it's pretty awesome. The benefit
that you get is that everything is centralised: you just create a user, add him
to a specific group (like developers), add his SSH key and that's it. That
developer will have access to every server that's enrolled in your realm (domain;
check the FreeIPA documentation for details).

I'm not sure if FreeIPA will have its place in the container world, but if you
are looking for user management in Linux, look no further, just try it.