FeistyNetworkAuthentication

Related Specifications

Introduction

The most prominent step in successfully providing directory services integration on Ubuntu is that of the client. A server implementation without a client does not accomplish much. A client without our own server implementation can get us traction in markets already covered by a directory server, notably the majority of the world on Microsoft Active Directory. This is a market we should desire.

This document describes the design of Ubuntu's directory services integration from a client's perspective. It steps slightly into the realm of the servers when discussing various properties of the client which are directly driven by the choice of server configuration.

This plan is a subset of a much larger strategic goal of Ubuntu, NetworkAuthentication. This specification will be what we plan to implement in time for Feisty. The larger specification will take much longer to implement.

Rationale

An Ubuntu machine does not exist by itself, nor in a network that purely consists of Linux Machines. System Administrators for organizations are looking for a way to easily authenticate their Linux machines against an existing and established Active Directory infrastructure.

Scope

To be realistic, the scope of this specification is simply to provide CLI- and GTK-based methods of "joining" an Active Directory domain.

Implementation

The authtool package will be cleaned up & uploaded into feisty. The current to-do list for this branch is:

  • - Convert modules to directory layout with resources - Convert the gtk+ UI to glade - Fix PAM configurations - Detect settings automagically

    - PyQt UI

As well as authtool, to get proper integration with Active Directory, we need to have the "samba megapatch" which will be integrated into samba 3.0.24. The current SuSE release has this to allow for much better integration with AD than is possible with stock samba.

CLI

The CLI interface accepts a configuration file to be used to enable settings.

GTK

Currently, the UI asks all possible questions for the configuration of each module, when most of them can be filled in automatically or defaults will be accepted.

An UI mockup has been done at http://akita.larvalstage.net/~wasabi/Screenshot-Directory Services-1.png

As implemented, the UI is at http://ajmitch.net.nz/~ajmitch/authtool_new.png

Preseeding

For administrators to easily add a workstation to AD or other networks, the authtool CLI tool will accept preseeding either via debconf or by loading a configuration file which contains the settings. The preseeding can be done from the installer or by deploying the configuration file to the workstations.

References

TBD

Comments

  • Samba 3.0.24 is under development and is expected to be released in mid-late January, before FeatureFreeze (Feb 8th)

  • Can we have the actual type of the directory auto detected and moved to the advanced page, and rename the Detect button to be check settings or similar?
  • Can we add a dropdown with DNS, Avahi, etc. suggested directories?

  • I think instead of these detect and join buttons in a single dialog a wizard would work better. --AndreRuediger

  • lib{nss,pam}-ldap are in universe, thus not officially supported. Will this change? --TRS-80
    • Yes, they are proposed for main, but deferred for feisty

CategorySpec

FeistyNetworkAuthentication (last edited 2008-08-06 16:27:47 by localhost)