NetworkAuthentication
Differences between revisions 14 and 76 (spanning 62 versions)
|
Size: 3300
Comment:
|
← Revision 76 as of 2008-08-06 16:34:01 ⇥
Size: 1324
Comment: converted to 1.6 markup
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| ##(see the SpecSpec for an explanation) | * '''Launchpad Entry''': https://launchpad.net/distros/ubuntu/+spec/network-authentication * '''Created''': <<Date(2006-11-03T19:00:00)>> by JerryHaltom |
| Line 3: | Line 4: |
| = NetworkAuthentication = | ---- |
| Line 5: | Line 6: |
| == Status == | * [[FeistyNetworkAuthentication]] Specification for Feisty goals. * [[NetworkAuthentication/Client]] Sub-specification for client-side support. * [[NetworkAuthentication/Server]] Sub-specification for server-side infrastructure. * [[NetworkAuthentication/Old]] Previous content of this page. * [[NetworkAuthentication/KerberizeServices]] |
| Line 7: | Line 12: |
| * Created: [[Date(2005-04-25T05:47:19Z)]] by JaneW * Priority: MediumPriority * People: MatthiasKloseLead, JimMcQuillanSecond, ShahmsKing * Contributors: JaneW * Interested: EricHarrison * Status: BrainDump, BreezyGoal, UduBof, DistroSpecification, NewSpec * Branch: * Malone Bug: * Packages: * Depends: * Dependents: [[FullSearch(NetworkAuthentication)]] * UduSessions: 1, 4, 8, etc |
---- |
| Line 21: | Line 14: |
| == Introduction == | [JerryHaltom] I am reorganizing this specification and splitting it into two parts, client and server. This page will contain a general overview of the need for directory service integrating in Ubuntu. Old content of this page is referenced above. Don't mean to swipe this out from under people, just trying to get it organized for UMV. |
| Line 23: | Line 16: |
| Network Authentication -- LDAP, AD, NIS, NIS+ Directory Integration | = Introduction = |
| Line 25: | Line 18: |
| == Rationale == | TBD |
| Line 27: | Line 20: |
| == Scope and Use Cases == | = Rationale = |
| Line 29: | Line 22: |
| == Implementation Plan == | TBD |
| Line 31: | Line 24: |
| * Network auth on the client seems to be doable for breezy * add tool the configure nsswitch.conf * make sure the needed packages for an authentication method are installed on the system * questions to configure the auth method are not at with Ubuntu's default priority |
= Scope = |
| Line 36: | Line 26: |
| === Data Preservation and Migration === | TBD |
| Line 38: | Line 28: |
| === Packages Affected === | = References = |
| Line 40: | Line 30: |
| === User Interface Requirements === | * [[https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/KerberizingUbuntu|KerberizingUbuntu]] * [[http://live.gnome.org/Glockenspiel|Glockenspiel]] - GNOME spec for lockdown/admin stuff. * [[http://www.ubuntuforums.org/showthread.php?t=191858|Ubuntu Forums "Enterprise" thread]] |
| Line 42: | Line 34: |
| == Outstanding Issues == | = Comments = |
| Line 44: | Line 36: |
| === UDU BOF Agenda === | Please place comments under here: |
| Line 46: | Line 38: |
| * Client Config * authconfig/libuser or equivalent? * Fedora tool, but the only Fedora-only pieces should be minimal and easily portable. * Fedora-specific parts should be restricted to pam_stack which is a relatively straightforward port to pam.d/common-* * Doesn't fit in well with Debian policy as it modifies config files from many, many packages * Porting might be useful as a short-term solution * At the very least is useful as an implementation guide or roadmap for knowing which files need to be modified for each method * start nscd * Authentication * modify pam.d/common-* * modify backend-specific files * LDAP, AD, eDirectory: /etc/ldap.conf * NIS, NIS+ * Kerberos * Winbind * Authorization and user information * modify nsswitch.conf * backend-specifc config files should be the same as for authentication * LDAP, AD, eDirectory: /etc/ldap.conf * NIS, NIS+ * Winbind * Hesiod * Fedora has this, but it's an ugly DNS hack and can probably be dropped. * Server Config * some scripts * graphical front ends * directory-administrator * ... * Not implementable in Breezy timeframe, possibly Breezy+1 * Should be split into its own BOF * NIS/YP might be doable by Breezy, but should be killed off * NIS+? * Kerberos? * Winbind/Samba are currently shipped but can be a configuration nightmare (but see below) * LDAP: currently the only option is OpenLDAP which is ridiculously hard to configure. * The biggest problem is that it doesn't ship with sane defaults, or really any defaults. Adding good defaults to the slapd package is the low-hanging fruit for this. * RedHat will be releasing the Netscape Directory Server code as GPL? "Real Soon Now(tm)" which might be a better alternative. * Samba4 will also have their own LDAP server as it is required for the Active Directory stuff they want to do. This will likely make configuring both LDAP and Samba/Winbind significantly easier. * Both Netscape Directory Server and Samba4 "indefinite future releases". |
---- |
| Line 86: | Line 40: |
| === UDU Pre-Work === | ---- CategorySpec |
Launchpad Entry: https://launchpad.net/distros/ubuntu/+spec/network-authentication
Created: 2006-11-03 by JerryHaltom
FeistyNetworkAuthentication Specification for Feisty goals.
NetworkAuthentication/Client Sub-specification for client-side support.
NetworkAuthentication/Server Sub-specification for server-side infrastructure.
NetworkAuthentication/Old Previous content of this page.
[JerryHaltom] I am reorganizing this specification and splitting it into two parts, client and server. This page will contain a general overview of the need for directory service integrating in Ubuntu. Old content of this page is referenced above. Don't mean to swipe this out from under people, just trying to get it organized for UMV.
Introduction
TBD
Rationale
TBD
Scope
TBD
References
Glockenspiel - GNOME spec for lockdown/admin stuff.
Comments
Please place comments under here:
NetworkAuthentication (last edited 2008-08-06 16:34:01 by localhost)