Userify Shim: How It Works
The Userify Shim (external:github.com) calls the existing Linux utilities, such as adduser and sudo, and so does not make any changes to your core operating system, PAM, or NSS. It's designed to never break or interfere with other system management tools.
Your server nodes periodically contact the Userify server (for example, Userify Cloud, your Userify Express server, or your Userify Enterprise cluster). This poll period is partly randomized but can be adjusted from 5 seconds up to approximately five minutes (it's preset to approximately 90 seconds in Userify Cloud.)
During each poll period, your servers request their latest user lists and public keys from Userify, and then create their local user accounts using standard Linux tools like
Unlike a directory-backed service, this design is extremely reliable, because locally managed and created user accounts are still accessible even if your Userify server is offline or inaccessible. Even if the connection fails or even if the shim were to completely die, your locally created user accounts are always accessible. The shim itself is similarly designed to be reliable and avoid memory leaks by restarting itself each poll cycle.