I’m curious as to why someone would need to do that short of having a bunch of users and a small office at home. Or maybe managing the family’s computers is easier that way?
I was considering a domain controller (biased towards linux since most servers/VMs are linux) but right now, for the homelab, it just seems like a shiny new toy to play with rather than something that can make life easier/more secure. There’s also the problem of HA and being locked out of your computer if the DC is down.
Tell me why you’re running it and the setup you’ve got that makes having a DC worth it.
Thanks!
Thanks for the great answer.
Using AD for SSO in git-frontends and other applications is a fantastic idea. I will probably also run FreeIPA (that’s a name I hadn’t heard in a while till this thread, from another commenter) and have a trust relationship.
You’re right, this is probably better for learning rather than actually using at home, since most of my computers are linux/BSD, so if I needed a central auth server, I’d probably be better off using something made for *nix.
With that said, I had a curious idea - can I spin up temporary credentials, using something akin to service/machine accounts, rotate credentials and invalidate credentials freely etc? In essence, I’m wondering if this can be a way to implement a sort of homegrown “AWS STS” alternative, for app secrets, workers and the like. I was initially looking at secret management suites like Vault and Conjur but what if this can do it?
Also, can AD encrypt the DB? Can FreeIPA do it? I’d like such an option for security.
Thanks!