I have 20 Linux servers, a mix of Red Hat, CentOS (i.e. Red Hat), Ubuntu, and potentially other distros in the future. Half of these reside in various DMZs, the other half internally.
Currently we manage all 20 servers as separate devices - no centralized user management.
I need to move to some type of central user management that includes strong auditing for any root-level access, either directly with root accounts or through escalation of privileges (SU / SUDO).
The caveat here is that my DMZ boxes should have no direct connection to my internal network. Instead, the centralized management of users, passwords, and audit logs needs to come from the central internal box and reach out to the DMZ.
This means no NIS+, no LDAP, etc. as the local boxes cannot check a central directory. Instead, each local box must have a local store of the credential database and authenticate against their individual local store.
I found one product so far that meets my needs. It is PowerBroker from Symark. It works great for what I need. However, it's extremely expensive. To implement this product on 20 servers I'm looking at more than $60k. Kind of hard to express that fact to management when we're moving our boxes into free open-source and away from paid distros like Red Hat as a cost savings initiative.
So I'm looking for a product that meets my needs like PowerBroker does, but at some fraction of that cost.
Any ideas? What do other people use to centrally manage Linux boxes - other than some directory service?