Server

Introduction

Server support, unless some industrious individuals are willing to work on it, should be postponed until client support is in a suitable state. No reason to have a server we can't join.

Summary

This is a first effort to try to move out serverstuff from NetworkAuthentication.

The aim of this spec is to make it simple to set up the serverside for NetworkAuthentication on Ubuntu.

Rationale

Ubuntu Server should easily provide the infrastructure to provide a centralized authentication service for Ubuntu Clients and other Linux distributions to. Preferably later also for Windows and other Unixes.

Use cases

Scope

Design

Implementation

  • Metapackage to depend on slapd & krb5-admin-server

  • User/group administration tools - Creation of Kerberos principals & modifying entries in LDAP

  • migrationtools equivalent to also create kerberos principals & LDAP entries

Code

Data preservation and migration

Packages Affected

* slapd * krb5-admin-server * krb5-kdc * ...

User Interface requirements

  • Server-side
    • There should be an authconfig analogue for server configuration which:
      • makes the simple easy: This auth-server tool should enable simple, straightforward configuration, with all the details being handled by underlying scripts.
      • makes the difficult possible: Administrators can still modify the underlying configuration files.
      User/group administration tools:
      • adduser & similar tools will be patched or equivalents written.

Existing GUI managementtools

These tools may be interesting to evaluate:

  • luma
  • Directory Administrator
    • No clue on Active Directory, NIS, or Kerberose; but Directory Administrator works

      pretty great for LDAP if OpenLDAP has SchemaCheck off. Interesting spatial mode of operation, with users and groups being objects in an icon view instead of a list as well. Importantly, it handles the "Windows authenticates with this" case. Interface can go, but something this featureful is needed for network authentication.

  • Complement Administration->Users and Groups(usersadmin) to work with ldap/kerberos(nis?)

Unresolved issues

* Fedora Directory Server should be evaluated. Currently it would require significant packaging work to ship in edgy, even for universe.

BoF agenda and discussion

Additional Remarks


CategorySpec

NetworkAuthentication/Server (last edited 2008-08-06 16:36:49 by localhost)