NetworkDirectoryServicesConfiguration
Launchpad Entry: server-karmic-directory-service-configuration
Created:
Contributors:
Packages affected:
Summary
Release Note
Rationale
User stories
Assumptions
Design
Implementation
UI Changes
Code Changes
Migration
Test/Demo Plan
Unresolved issues
BoF agenda and discussion
UDS Karmic discussion
= Directory Integration for Services =
* Services to automatically leverage the directory.
* setup-kerberos-service script (domain-join)
* Creates necessary Kerberos principals.
* Get keytab from KDC.
* Use /etc/keytab.d for keytab files.
* One keytab per service.
* Where in the directory the service config options are.
* Add DNS entry?
* Modify service config file for Kerberos.
* Enable GSSAPI.
* Register service on the network.
* Step 0: Discovery -- scripted.
* DNS SRV records.
* Use the rootDSE to identify an Ubuntu directory.
* Step 1: Enable krb5
* Add a principal for each packages service/s.
* Step 2: Enable Directory (LDAP) service.
* Configures local slapd to replicate the directory.
* Only replicated needed objects for each service.
* Use the caching overlay.
* Packages
* Samba
* Postfix
* Dovecot
* OpenLDAP -- as a client.
* OpenSSH
* User Login.
* How does each service dertermine the LDAP server location, credentials, etc.
* DNS
* debconf
* Ask at install time.
* Need X509 certificate for LDAP server.
* Can also be done with SASL.
* Enable traffic encryption after authentication.
* Create a client certificate and publish it in the Directory.
* Don't need a full CA for Karmic.NetworkDirectoryServicesConfiguration (last edited 2009-06-03 17:19:12 by 207)