aker-gateway / Aker

SSH bastion/jump host/jumpserver

custom username #102

Open brosky opened 4 years ago

brosky commented 4 years ago

Hi,

Is there a way to set up a custom username for certain hosts (instead of root)? For example, all openstack images use the default username "centos" or "ubuntu", depending on the distro.

I know that this has been asked before... I just want to know if it's planned.

Thank you, Dan.

anazmy commented 4 years ago

Hi Dan,

Generally speaking, I think the "impersonation" approach - User X accessing another system as user Y - has some caveats, in terms of tracking access and attribution of actions.

For example, which human being was behind user centos who restarted a service? One can use the connecting IP for attribution but that might not be the case in all environments, right?

Now, for the openstack case you mentioned and maybe some other cloud providers - AWS for example IIRC - images as well, shouldn't this user be meant for bootstrapping a VM into the organization's environment and dropped afterwards in favor of some sort of unified identity management?

The identity management part can be a complex behemoth as in using FreeIPA/Active Directory or just the matter of provisioning allowed users on the machine (like adding /etc/passwd entries etc...)

Would like to get your thoughts here, and what you think - to your knowledge - is the common practice in the industry, in order to help me build a better conclusion.