An ongoing effort to reduce potential attack surface on privileged components of system administration by rewriting them in modern programming languages or introducing new components creates additional problems as well. The system management at scale requires centralization of the access controls, yet most of the new tools do not have such capabilities or don't really concern with such use cases.

In this talk we'd reflect on our experience of supporting large organizations relying on the infrastructure provided by FreeIPA and SSSD.