Internet Account Replication (IAR) replicates POSIX user credentials between hosts. It is like NIS, but it:
- Is really easy to use — it practically works out of the box;
- Works over the Internet — it is compatible with regular firewalls; and,
- Uses SSH to encrypt the data-flow
It utilizes GNU nsswitch.conf (in glibc) for integration, so it works on all modern Linux distros. (Installation is automatic, so no knowledge of nsswitch.conf necessary.)
GNU GPL 3 licensed.
Downloads: Via SourceForge
Instruction Manual: Here
SourceForge Project Page: Here
NewsMar 16, 2016 - Update
The script contains a bug which sets the permissions too tight for "/var/lib/iar/client" on clients and slave servers. To correct, after setup run:
$ chmod o+rx /var/lib/iar/client
The source tree is now also available in this public fossil repo. In the next several days, pending improvements will start to be committed including:
- Fix for the bug described above.
- Message text and formatting improvements.
- Removal of the requirement for NixHash on non-apt (.deb) servers. This will benefit Redhat, Fedora, OpenSuSE, SLES, etc.
- Support for the nscd credential cache. This will particularly benefit OpenSuse and SLES.
- Status message improvements.
Mar 16, 2015 - Version 0.99.7 Released
- Improved documentation
- Bugfixes; more security, better status display, group management fix
$ iar Internet Account Replication - IAR ver 0.99.7 (Protocol ver 1.0.0) Authors: Peter Fedorow, Brian Tiffin Copyright (C) 2014, 2015 Hotel Communication Network, Inc. This tool replicates account credentials over SSH from servers to clients. It is designed as a simplified successor to NIS and trivial alternative to LDAP for synchronization of POSIX account credentials. The NSS module is derived from the nss-extrausers module. Almost all IAR commands require root permissions, unless marked below as (non-privileged). This requirement includes "iar status" Usage: /usr/bin/iar [-h|--help] | COMMAND Commands: help Display this help message (non-privileged) status Display program status client Invoke client mode client-dynamicpolling Dynamically decide if now is a resource efficient time to run the client server Invoke server mode for testing - "iar-server" symlink also does, but very quiet client-setup Sets up system to autorun client via cron/init job server-setup Creates account for server-mode ssh invocation servermode master|slave Switches between 'master' and 'slave' mode approve Approve a client to retrieve account data from the server approve-subnet <subnet> Approves all clients connecting from given subnet. Hint: Unsafe, do not use. adduser <username> Replicated user-account: create a user deluser <username> Replicated user-account: delete a user passwd <username> Replicated user-account: change a user's password lock <username> Replicated user-account: lock / disable password and keypair login for an account unlock <username> Replicated user-account: unlock / reverses lock for an account lockpasswd <username> Replicated user-account: lock / disable password login for an account unlockpasswd <username> Replicated user-account: unlock / enable password login for an account addgroup <groupname> Replicated user-account: create a group delgroup <groupname> Replicated user-account: delete a group remove Uninstall server and client, logs and configuration remain purge Performs a "remove" first. Purges all -logs- and -configuration-. Like it was never installed. Report IAR bugs to firstname.lastname@example.org Internet Account Replication home page: <http://iar.sourceforge.net/> For complete documentation, see: docs/sphinx/index.html ie. 'www-browser docs/sphinx/index.html'
Dec 19, 2014 - Version 0.99.1 Released
- Added ability to whitelist subnets.
- Major documentation improvements.
- Implemented "servermode" command for easier switching between "master" and "slave".
- Include HTML version in documentation packages.
- Minor code clean-ups.
- Program and packaging bug fixes.
$ sudo iar status Using configuration "/etc/iar/iar.conf" Status ------ Mode=Client Last-Successful-Poll: iar:22322 on Fri Dec 19 00:53:28 EST 2014 Status: Client - Clean exit. Running on AC. Dynamic polling off.
Dec 5, 2014 - Version 0.98 Released
- Packaging improves including software dependency fixes
- Substantial documentation improvements
Dec 2, 2014 - Version 0.96 Released
- Numerous bug fixes
- Improved documentation
- Display the client's last run status message on "status" screen.
Dec 1, 2014 - Version 0.95 Released
- First SourceForge Release
- Added client-setup, server-setup, remove, purge, dynamic polling
- Documentation updates