Introduction
Server support, unless some industrious individuals are willing to work on it, should be postponed until client support is in a suitable state. No reason to have a server we can't join.
Summary
This is a first effort to move the server-side material out of NetworkAuthentication.
The aim of this spec is to make it simple to set up the server side for NetworkAuthentication on Ubuntu.
Rationale
Ubuntu Server should make it easy to provide the infrastructure for a centralized authentication service for Ubuntu clients and other Linux distributions, and preferably later also for Windows and other Unixes.
Use cases
Scope
Design
Implementation
- Metapackage to depend on slapd & krb5-admin-server
- User/group administration tools: creating Kerberos principals & modifying entries in LDAP
- migrationtools equivalent that also creates Kerberos principals & LDAP entries
Code
Data preservation and migration
Packages Affected
* slapd
* krb5-admin-server
* krb5-kdc
* ...
User Interface requirements
- Server-side
  - There should be an authconfig analogue for server configuration which:
    - makes the simple easy: This auth-server tool should enable simple, straightforward configuration, with all the details being handled by underlying scripts.
    - makes the difficult possible: Administrators can still modify the underlying configuration files.
  - adduser & similar tools will be patched or equivalents written.
Existing GUI management tools
These tools may be interesting to evaluate:
- luma
- Directory Administrator
  - No clue on Active Directory, NIS, or Kerberos; but Directory Administrator works pretty great for LDAP if OpenLDAP has SchemaCheck off. Interesting spatial mode of operation, with users and groups being objects in an icon view instead of a list as well. Importantly, it handles the "Windows authenticates with this" case. Interface can go, but something this featureful is needed for network authentication.
Complement Administration->Users and Groups (usersadmin) to work with LDAP/Kerberos (NIS?)
Unresolved issues
* Fedora Directory Server should be evaluated. Currently it would require significant packaging work to ship in edgy, even for universe.
BoF agenda and discussion