[rtfusgihkuj]

No, using Ansible to distribute public keys does not get you very far. It's fine for a personal project or even a team of 5-6 with a handful, but beyond that you really need a better way to onboard, offboard, and modify accounts. If you're doing anything but a toy project, you're better off starting off with something like IPA for host access controls.

[xorcist]

Why do think that? I did something similar at a previous work for something bordering on 1k employees.

User administration was done by modifying a yaml file in git. Nothing bad to say about it really. It sure beats point-and-click Active Directory any day of the week. Commit log handy for audits.

If there are no externalities demanding anything else, I'd happily do it again.

[kasey_junk]

There is nothing _wrong_ with it, and so long as you can prove that your offboarding is consistent and quick then feel free to use it.

But a central system that uses the same identity/auth everywhere is much easier to keep consistent and fast. That’s why auditors and security professionals will harp on idp/sso solutions as some of the first things to invest in.

[xorcist]

I found that the commit log made auditing on- and offboarding easier, not harder. Of course it won't help you if your process is dysfunctional. You still have to trigger the process somehow, which can be a problem in itself when growing from a startup, but once you do that it's smooth.

However git is a central system, a database if you will, where you can keep identities globally consistent. That's the whole point. In my experience, the reason people leave it is because you grow the need to interoperate with third party stuff which only supports AD or Okta or something. Should I get to grow past that phase myself I would feed my chosen IdM with that data instead.

[noprocrasted]

What's the risk you're trying to protect against, that a "better" (which one?) way would mitigate that this one wouldn't?

> IPA

Do you mean https://en.wikipedia.org/wiki/FreeIPA ? That seems like a huge amalgamation of complexity in a non-memory-safe language that I feel like would introduce a much bigger security liability than the problem it's trying to solve.

I'd rather pony up the money and use Teleport at that point.

[dpe82]

It's basically Kerberos and an LDAP server, which are technologies old and reliable as dirt.

This sort of FUD is why people needlessly spend so much money on cloud.

[noprocrasted]

> which are technologies old and reliable as dirt.

Technologies, sure. Implementations? Not so much.

I can trust OpenSSH because it's deployed everywhere and I can be confident all the low-hanging fruits are gone by now, and if not, its widespreadness means I'm unlikely to be the most interesting target, so I am more likely to escape a potential zero-day unscathed.

What't the marketshare of IPA in comparison? Has it seen any meaningful action in the last decade years, and the same attention, from both white-hats (audits, pentesting, etc) as well as black-hats (trying to break into every exposed service)? I very much doubt it, so the safe thing to assume is that it's nowhere as bulletproof as OpenSSH and that it's more likely for a dedicated attacker to find a vuln there.

[dpe82]

MIT's Kerberos 5 implementation is 30 years old and has been very widely deployed.