Now that we’ve had a good look at user identity, we can begin to address the administration aspect of user accounts. Rather than just show you the select Perl subroutines or function calls you need for user addition and deletion, we’re going to take this topic to the next level by showing these operations in a larger context. In the remainder of this chapter, we’re going to work towards writing a bare-bones account system that starts to really manage both NT and Unix users.
Our account system will be constructed in four parts: user interface, data storage, process scripts (Microsoft would call them the “business logic”), and low-level library routines. From a process perspective they work together (see Figure 3-2).
Figure 3-2. The structure of a basic account system
Requests come into the system through a user interface and get placed into an “add account queue” file for processing. We’ll just call this an “add queue” from here on in. A process script reads this queue, performs the required account creations, and stores information about the created accounts in a separate database. That takes care of adding the users to our system.
For removing a user, the process is similar. A user interface is used to create a “remove queue.” A second process script reads this queue and deletes the users from our system and updates the central database.
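The add-queue step described above, sketched as an added example (it is not the chapter's own code): the process script locks the queue, checks each request before acting on it, and appends accepted accounts to the database file. The record layout `login:full name:type`, the file names, and the helpers `parse_request` and `process_queue` are assumptions made for illustration, and the lock only helps if the user interface takes the same lock when it writes.

```perl
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempdir);

# Assumed record format (not from the chapter): login:full name:type
my %TYPES = map { $_ => 1 } qw(unix nt);

# Return a hash ref for a well-formed request, or nothing for anything else.
sub parse_request {
    my ($line) = @_;
    my @f = split /:/, $line, -1;
    return unless @f == 3;
    my ($login, $name, $type) = @f;
    return unless $login =~ /\A[a-z_][a-z0-9_-]{0,30}\z/;
    return unless $name  =~ /\A[A-Za-z0-9 .'-]{1,64}\z/;
    return unless $TYPES{$type};
    return { login => $login, name => $name, type => $type };
}

# Handle every queued line under an exclusive lock; empty the queue only at the end.
sub process_queue {
    my ($queue, $handler) = @_;
    open my $fh, '+<', $queue or die "open $queue: $!";
    flock($fh, LOCK_EX)       or die "lock $queue: $!";
    while (my $line = <$fh>) {
        chomp $line;
        $handler->($line);
    }
    truncate($fh, 0) or die "truncate $queue: $!";
    close $fh        or die "close $queue: $!";
}

# Constructed sample data: two valid requests and two malformed ones.
my $dir = tempdir(CLEANUP => 1);
my ($queue, $db) = ("$dir/addqueue", "$dir/accounts.db");
open my $q, '>', $queue or die "open $queue: $!";
print {$q} "$_\n" for 'jdoe:Jane Doe:unix', 'bsmith:Bob Smith:nt',
                      'Bad Login:Nobody:unix', 'eve:Eve:unix:extra';
close $q or die "close $queue: $!";

open my $out, '>>', $db or die "open $db: $!";
process_queue($queue, sub {
    my ($line) = @_;
    my $r = parse_request($line) or do { warn "rejected queue entry: $line\n"; return };
    # A real process script would create the NT or Unix account at this point.
    print {$out} join(':', @$r{qw(login name type)}, time), "\n";
});
close $out or die "close $db: $!";
```

Because the process script runs with the privileges needed to create accounts, anything it reads from the queue is untrusted input; rejecting malformed records here keeps them out of both the account-creation routines and the database.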