forked from Demeterr/iam_acctmgr
-
Notifications
You must be signed in to change notification settings - Fork 0
Synchronize local Name Service Switch database against AWS IAM
License
bruj0/iam_acctmgr
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
aws_acctmgr =========== ``aws_acctmgr`` synchronizes a local NSS database against Amazon Web Services (AWS) Identity and Access Management (IAM) with the primary use-case of providing SSH access to AWS EC2 instances for remote administrators. This relies on the SSH Public Key metadata feature added to AWS IAM. Note that the AWS documentation currently only mentions this feature in the context of the AWS CodeCommit product but the API naming itself has no such context. See: https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html Features: * UID derived by the IAM UserID property, users will always have the same UID across all the intances * IAM groups for Sudo users and regular users. * Automatic creation of users home directory using the skel profile. * Local groups support IAM users are not added to the system via traditional mechanisms (e.g. ``/etc/passwd``). Instead they are registered in a dedicated directory provided by the "libnss-extrausers" package. The host's ``/etc/nsswitch`` should have ``extrausers`` appended to the ``passwd`` and ``shadow`` entries. passwd: compat extrausers group: compat extrausers shadow: compat extrausers See: https://packages.debian.org/jessie/libnss-extrausers Manual Installation ------------------- * Install the package libnss-extrausers for your distribution, you can find RPMs for Centos here * iam_acctmgr_configure is used to add the configuration to the proper services. # git clone https://github.com/bruj0/iam_acctmgr.git # cd iam_acctmgr # python setup.py install # /usr/local/bin/iam_acctmgr_configure --sshd /etc/ssh/sshd_config --nsswitch /etc/nsswitch.conf --pam /etc/pam.d/sshd /usr/local/bin # service sshd restart # mkdir /var/lib/extrausers/ # /etc/init.d/iam_accrtmgr start RPM Based Install ----------------- I have created 2 rpms for Amazon Linux version amzn-ami-hvm-2017.09.1.20180115-x86_64-gp2 (ami-97785bed) : https://github.com/bruj0/iam_acctmgr/releases/download/0.2/iam_acctmgr-0.2-1.noarch.rpm https://github.com/bruj0/iam_acctmgr/releases/download/0.2/libnss-extrausers-0.6-0.x86_64.rpm $ rpm -i iam_acctmgr-0.1-1.noarch.rpm $ rpm -i libnss-extrausers-0.6-0.x86_64.rpm $ /usr/bin/iam_acctmgr_configure --sshd /etc/ssh/sshd_config --nsswitch /etc/nsswitch.conf --pam /etc/pam.d/sshd /usr/bin $ service sshd restart $ /etc/init.d/iam_accrtmgr start $ chkconfig --add iam_acctmgr $ chkconfig iam_acctmgr on See Also -------- https://github.com/google/nsscache Forked from ------------ https://github.com/Demeterr/iam_acctmgr https://github.com/bshi
About
Synchronize local Name Service Switch database against AWS IAM
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- Python 93.1%
- Shell 6.9%