Centralized Account Management, how do you do yours?
I have a need to centralize my Linux server account management.
I have authenticated to Windows domains before, but now that I come back to thinking about rolling this out across all my servers, I find myself questioning if authenticating to Active Directory is really the right thing to do for all my systems.
If I have web/mail/DNS/database etc. servers sitting in a DMZ, then either I have to allow access inwards towards a Domain Controller, or put a Domain Controller in the DMZ and put it at risk, as well as allowing a possible compromise of the entire organization's user account base. This just doesn't seem sensible from the point of view of security, which we take quite seriously here at work.
So should I maintain a separate centralized authentication system just for these Linux servers in the DMZ?
What do you use for centralized Linux account management? And what do you do about your DMZ systems?