
Thursday, August 2, 2012

Authenticating Linux against Active Directory

When you only have a few Linux machines and sysadmins, simple local machine authentication does a fairly good job.
Imagine having 64 Linux boxes (and growing) and 4 sysadmins. Keeping sudo access up to date on all of them would be a daunting task.
Why not get Linux and Windows to talk to each other if you already have Active Directory in your environment?
- First, make sure the Linux machine's A record has been added to the AD DNS server
- Create an AD group called linuxadmin and add the admin users to the group
- Next, run the following commands on the Linux client box

# Install Samba/winbind, the Kerberos PAM module, sudo and authconfig (RHEL/CentOS style)
yum install samba-common samba-winbind pam_krb5 sudo authconfig
chkconfig winbind on

# One home tree per domain, named after the AD domain (here "mycompany"); the
# template home directory below is built on it. pam_mkhomedir creates each user's
# home as root, so 0755 is enough; 0777 leaves the parent world-writable.
mkdir /home/mycompany
chmod 0777 /home/mycompany

# Give members of the AD group linuxadmin full sudo. With usedefaultdomain enabled the
# group name carries no MYCOMPANY\ prefix. A file under /etc/sudoers.d, checked with
# "visudo -c", is safer than appending to /etc/sudoers directly.
echo "%linuxadmin ALL=(ALL) ALL" >> /etc/sudoers

# Configure NSS/PAM for winbind and Kerberos. Each continued line ends in a bare
# backslash (a trailing space after it breaks the command); the last option has none.
# %D in the template home directory is the domain, %U the user name.
authconfig \
--disablecache \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=MYCOMPANY \
--smbrealm=MYCOMPANY.LOCAL \
--enablewinbindusedefaultdomain \
--winbindtemplatehomedir=/home/%D/%U \
--winbindtemplateshell=/bin/bash \
--enablekrb5 \
--krb5realm=MYCOMPANY.LOCAL \
--enablekrb5kdcdns \
--enablekrb5realmdns \
--enablelocauthorize \
--enablemkhomedir \
--enablepamaccess \
--updateall

# Join the domain with an AD account allowed to add computers (joesoh is the example name)
net ads join -U joesoh

service winbind restart
===
Note: MYCOMPANY.LOCAL is your AD domain name.
Try logging on using your Windows ID and password.
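After the first login it is worth confirming that the AD group really reaches sudo. The script below is an added example, not from the original post: it checks the domain trust, parses the user's `id` output for the linuxadmin group (passed in as a string so the parser can be exercised offline), and verifies the sudoers rule; the function names, ADMIN_GROUP and any sample `id` lines are my own.

```shell
#!/bin/sh
# Post-join check for the setup above (added example; the function names are my own).
# Assumes the sudo group is "linuxadmin" and winbind was configured with
# --enablewinbindusedefaultdomain; a MYCOMPANY\ prefix is tolerated anyway.
ADMIN_GROUP="${ADMIN_GROUP:-linuxadmin}"

# in_admin_group ID_LINE: succeed if the groups= field of an `id` line names ADMIN_GROUP.
# The line is passed in rather than captured so the parser can be exercised offline.
in_admin_group() {
    local groups g
    groups="${1#*groups=}"      # e.g. 10000(domain users),10002(linuxadmin) context=...
    local IFS=','
    for g in $groups; do
        g="${g#*(}"             # drop the numeric gid and the opening parenthesis
        g="${g%%)*}"            # drop ")" and anything after it (SELinux context)
        g="${g##*\\}"           # drop a DOMAIN\ prefix when usedefaultdomain is off
        [ "$g" = "$ADMIN_GROUP" ] && return 0
    done
    return 1
}

# sudoers_grants_group FILE: succeed if an uncommented line grants %ADMIN_GROUP ALL=(ALL) ALL.
sudoers_grants_group() {
    grep -Eq "^[[:space:]]*%${ADMIN_GROUP}[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL" "$1"
}

# verify_join USER: live check on a joined box (needs winbind running and root for visudo).
verify_join() {
    local user line
    user="$1"
    wbinfo -t >/dev/null || { echo "trust secret check failed: not joined or winbind down"; return 1; }
    line="$(id "$user" 2>/dev/null)" || { echo "$user does not resolve through NSS"; return 1; }
    if ! in_admin_group "$line"; then
        echo "$user resolves but is not in $ADMIN_GROUP: fix the AD group, then restart winbind"
        return 1
    fi
    sudoers_grants_group /etc/sudoers || { echo "no sudoers rule for %$ADMIN_GROUP"; return 1; }
    visudo -c >/dev/null || { echo "/etc/sudoers does not parse"; return 1; }
    echo "$user is in $ADMIN_GROUP and the sudoers rule is in place"
}
```

Run it as root with `verify_join joesoh` (substituting a real domain user) after the winbind restart.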
Now who says Windows and Linux don't talk?