== Introduction ==

Server support, unless some industrious individuals are willing to work on it, should be postponed until client support is in a suitable state. No reason to have a server we can't join.

== Summary ==
This is a first effort to try to move out serverstuff from NetworkAuthentication.

The aim of this spec is to make it simple to set up the serverside for NetworkAuthentication on Ubuntu. 

== Rationale ==
Ubuntu Server should easily provide the infrastructure to provide a centralized authentication service for Ubuntu Clients and other Linux distributions to. Preferably later also for Windows and other Unixes.

== Use cases ==

== Scope ==

== Design ==

== Implementation ==
    * Metapackage to depend on slapd & krb5-admin-server
    * User/group administration tools - Creation of Kerberos principals & modifying entries in LDAP
    * migrationtools equivalent to also create kerberos principals & LDAP entries


=== Code ===

=== Data preservation and migration ===

=== Packages Affected ===
* slapd
* krb5-admin-server
* krb5-kdc
* ...

=== User Interface requirements ===

 * Server-side
   There should be an authconfig analogue for server configuration which:
    * makes the simple easy: This auth-server tool should enable simple, straightforward configuration, with all the details being handled by underlying scripts.
    * makes the difficult possible: Administrators can still modify the underlying configuration files.
   User/group administration tools: 
    * `adduser` & similar tools will be patched or equivalents written.

==== Existing GUI managementtools ====
These tools may be interesting to evaluate:
    * luma
    * Directory Administrator
        No clue on Active Directory, NIS, or Kerberose; but Directory Administrator works 
        pretty great for LDAP if OpenLDAP has SchemaCheck off.  Interesting spatial mode of 
        operation, with users and groups being objects in an icon view instead of a list as 
        well.  Importantly, it handles the "Windows authenticates with this" case.  Interface 
        can go, but something this featureful is needed for network authentication.
    * Complement Administration->Users and Groups(usersadmin) to work with ldap/kerberos(nis?)

== Unresolved issues ==

* [[http://directory.fedora.redhat.com/wiki/Main_Page|Fedora Directory Server]] should be evaluated. Currently it would require significant packaging work to ship in edgy, even for universe.





== BoF agenda and discussion ==


== Additional Remarks ==


----
CategorySpec