Launchpad Entry: server-karmic-directory-service-configuration
BoF agenda and discussion
UDS Karmic discussion
= Directory Integration for Services =

 * Services to automatically leverage the directory.
 * setup-kerberos-service script (domain-join)
   * Creates necessary Kerberos principals.
   * Get keytab from KDC.
     * Use /etc/keytab.d for keytab files.
     * One keytab per service.
   * Where in the directory the service config options are.
   * Add DNS entry?
   * Modify service config file for Kerberos.
     * Enable GSSAPI.
   * Register service on the network.
 * Step 0: Discovery -- scripted.
   * DNS SRV records.
   * Use the rootDSE to identify an Ubuntu directory.
 * Step 1: Enable krb5
   * Add a principal for each package's service(s).
 * Step 2: Enable Directory (LDAP) service.
   * Configures local slapd to replicate the directory.
   * Only replicate needed objects for each service.
   * Use the caching overlay.
 * Packages
   * Samba
   * Postfix
   * Dovecot
   * OpenLDAP -- as a client.
   * OpenSSH
   * User Login.
 * How does each service determine the LDAP server location, credentials, etc.
   * DNS
   * debconf
     * Ask at install time.
 * Need X509 certificate for LDAP server.
   * Can also be done with SASL.
   * Enable traffic encryption after authentication.
   * Create a client certificate and publish it in the Directory.
   * Don't need a full CA for Karmic.
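
A dry-run sketch of the discovery and per-service keytab steps listed above, added here as an example; it is not part of the original notes and is not an existing Ubuntu script. The example.com names, the constructed SRV output, the `<package>.keytab` file naming, the realm derivation and the package-to-service-name mapping are assumptions; the script only prints the kadmin commands it would run.

```shell
#!/bin/sh
# Dry-run sketch: prints the commands a setup-kerberos-service run would issue.
# Constructed sample of `dig +short SRV _kerberos._udp.example.com`
# (fields: priority weight port target).
SRV_SAMPLE='20 0 88 kdc2.example.com.
10 0 88 kdc1.example.com.'

# Step 0: choose the lowest-priority SRV target (weight ignored for brevity).
pick_srv() {
    printf '%s\n' "$1" | sort -n -k1,1 |
        awk 'NR == 1 { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# Assumption: the realm is the upper-cased DNS domain.
realm_for() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# Conventional Kerberos service name for each package on the list.
spn_for() {
    case "$1" in
        samba)    echo cifs ;;
        postfix)  echo smtp ;;
        dovecot)  echo imap ;;
        openldap) echo ldap ;;
        openssh)  echo host ;;
        *)        return 1 ;;
    esac
}

# Step 1: one principal and one keytab per service under /etc/keytab.d,
# so a compromised service exposes only its own key.
plan_service() {  # args: package fqdn realm
    svc=$(spn_for "$1") || { echo "unknown package: $1" >&2; return 1; }
    princ="$svc/$2@$3"
    keytab="/etc/keytab.d/$1.keytab"   # file naming is an assumption
    printf 'kadmin -q "addprinc -randkey %s"\n' "$princ"
    printf 'kadmin -q "ktadd -k %s %s"\n' "$keytab" "$princ"
    printf 'chmod 0600 %s\n' "$keytab"
}

echo "# KDC: $(pick_srv "$SRV_SAMPLE")"
plan_service postfix mail.example.com "$(realm_for example.com)"
```

In a real run each keytab would also be owned by the account its service runs as, so no other service can read it.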