I'm setting up a small LAN for my team. It will, for all intents and purposes, not be connected to any external networks. I would like it to have centralized control of user accounts (at least, I think I'd like that; I'm also considering using puppet, so theoretically I could just push /etc/passwd changes, or something). The number of machines is fixed, but not very small. Mostly they're 'attached' to a single user, but sometimes people work remotely on someone else's box; and there are a couple of servers.
I've read this question, but my scenario is much simpler (even simpler than in this question) and I'd like to do something (relatively) quick, with not much hassle, but not a dirty totally-insecure hack. Is NIS relevant for my scenario? If not, what's the most hassle-free way to set up LDAP (or LDAP+Kerberos) to achieve the same?
Notes:
- I have no experience with setting up either NIS or LDAP.
- We use Debian-flavored Linux distributions, mainly Kubuntu 12.04 (not my choice, but that's the way it is).
I don't think anybody uses NIS anymore - or at least, wants to.
The fastest and easiest way to get a nice LDAP+Kerberos environment up is FreeIPA. It's easy and light enough that I even use it at home.
Red Hat's Identity Management Guide is a great introduction to FreeIPA and will get you up and running quickly.
Note that while Ubuntu has FreeIPA, the version in 12.04 LTS is older and may have bugs or missing features compared to more recent versions.
IAR (Internet Account Replication) is what you are looking for. It is mostly a shell script, and it's very easy to use. It uses SSH for transport -- no portmapper/RPC ugliness like NIS, and it uses GPG for verification. It has been used in production on Ubuntu and Redhat. It is no LDAP, so it definitely is not intended for all purposes...but it replaces NIS for most uses, and it is really easy to setup. That said, I'm one of the authors of the quick pretty elegant hack that IAR is, so I might be a tad biased.
The docs, a .deb repo, and online source code browser are available at iar.hcn-inc.com. RPMs and a tarball can be downloaded from sourceforge.net