Server

Revision 1 as of 2006-10-29 16:10:49

Clear message

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

This is a first effort to try to move out serverstuff from NetworkAuthentication.

Rationale

Use cases

Scope

Design

Implementation

  • Metapackage to depend on slapd & krb5-admin-server

  • User/group administration tools - Creation of Kerberos principals & modifying entries in LDAP

  • migrationtools equivalent to also create kerberos principals & LDAP entries

Code

Data preservation and migration

Packages Affected

* slapd * krb5-admin-server * krb5-kdc * ...

User Interface requirements

  • Server-side
    • There should be an authconfig analogue for server configuration which:
      • makes the simple easy: This auth-server tool should enable simple, straightforward configuration, with all the details being handled by underlying scripts.
      • makes the difficult possible: Administrators can still modify the underlying configuration files.
      User/group administration tools:

      • adduser & similar tools will be patched or equivalents written.

Existing GUI managementtools

These tools may be interesting to evaluate:

  • luma
  • Directory Administrator
    • No clue on Active Directory, NIS, or Kerberose; but Directory Administrator works

      pretty great for LDAP if OpenLDAP has SchemaCheck off. Interesting spatial mode of operation, with users and groups being objects in an icon view instead of a list as well. Importantly, it handles the "Windows authenticates with this" case. Interface can go, but something this featureful is needed for network authentication.

Unresolved issues

* [http://directory.fedora.redhat.com/wiki/Main_Page Fedora Directory Server] should be evaluated. Currently it would require significant packaging work to ship in edgy, even for universe.

BoF agenda and discussion

CategorySpec