Dirless is purpose-built for simplicity. Each piece does one thing well, and the whole system runs on your existing infrastructure.
Runs on an EC2 instance inside your AWS account. Pulls users, groups, and memberships from IAM Identity Center using the EC2 instance role - no static credentials ever stored. Pushes snapshots to the backend over mTLS.
Receives identity snapshots and stores them as the canonical copy. Serves agents on demand. Powers the management plane. Hosted on our 3-node global cluster, or self-hosted by you.
Runs on every Linux host. Polls the backend and writes a fresh identity snapshot to a local database. If the backend is unreachable, the last snapshot keeps NSS working - no lockout.
A small shared library that hooks into getpwnam,
getgrnam, and friends. Reads from local storage only -
zero network calls at lookup time. Works on any Linux distro.