Nick Barkas and I released Splat 1.0 today, on behalf of the Three Rings Department of Public Works. If you need to synchronise information with an LDAP directory, Splat provides a great plugin interface. Included with the distribution are plugins to create home directories, write out SSH keys with command restrictions, and write out .forward files.
We use Splat here at Three Rings to distribute SSH keys to all of our servers, allowing us to further erradicate password authentication. Splat can apply filters based on LDAP groups, so we can, for instance, apply a subversion command= restriction only on the subversion server.
Next splat plugins I want to write:
- User deletion
- Interface to our RFID card access system