Ubuntu Domain Server

Paul Smith paul at mad-scientist.us
Thu Oct 22 04:35:56 UTC 2009

On Thu, 2009-10-22 at 11:56 +0800, Christopher Chan wrote:
> > It doesn't matter how much work is involved. Do you think the 
> > Linux/Ubuntu community would be willing to change the way system 
> > logons work if it meant bug #1 could be completed?
> Let us see. To change the way system logons work would mean changing 
> pam, the C library and just about anything that has to do with system 
> accounts. You are welcome to try to convince the Ubuntu community to 
> maintain a fork of all these essential system libraries and offer some
> form of backwards compatibility to avoid having to also modify who
> knows how many other packages like sendmail, apache,
> bind, ..., ..., ..., everything.

You guys need to step back a bit.  There's absolutely no reason whatever
that this _feature_ cannot be implemented on UNIX/Linux.

Yes, obviously the _implementation_ that relies on changing the UID/GID
scheme is a complete non-starter and cannot even be considered.  There's
no chance that anyone "upstream" will be willing to break that behavior
and as you say, Ubuntu cannot essentially rewrite the entire GNU/Linux
operating system to do away with it (don't forget that UID/GID is
heavily embedded in the kernel, too, so Ubuntu would have to rework the
kernel itself extensively).  If this is Ryan's question then the answer
is definitely no, not even if it meant bug #1 could be completed.  Let's
all remember our goal here is NOT to beat Microsoft by becoming a free
version of Windows.  Our goal is to produce a better product, while
still staying true to the UNIX roots and philosophy (which we believe
will lead to better software).

However, luckily for us we do not HAVE to change or do away with UID/GID
in order to implement automatic joins of a workstation.  There's
absolutely no reason that user "paul.smith" cannot have UID 1000 on one
system and UID 2000 on another system: you just need to implement a
mapping mechanism.

But there are so many things to be considered before you even get here
that impact directly on this.  For example, obviously security is
critical and so you'll need a secure way to do AAA.  How do you add
users?  How do users authenticate?  Etc. etc.  All critical questions.
Most likely you will need to base this on Kerberos, just because there's
nothing else out there with the requisite features + security, that I
know of anyway.

Once you have that figured out you must end up with some secure token
which represents a user that you can present to other systems as proof
of identity.  Then all you have to do is have each host map that token
to a locally relevant UID/GID.  UID/GID cannot be used between hosts,
anyway, in any secure fashion.  That's just one idea.

I'm certainly NOT saying it's not a lot of work.  I'm saying that it can
be done, and it doesn't require throwing out 30+ years of UNIX/POSIX
history to do it, so let's not dismiss the big idea based only on one
possible bad implementation.
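The per-host mapping the message sketches, as an added example that is not from this thread or from any Ubuntu component: a host accepts an authenticated principal (the "secure token") and hands it a UID from its own local range, so the same principal is UID 1000 on one host and UID 2000 on another. The principal syntax, realm check and in-memory table are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Token format accepted after authentication: user@REALM. This regex is a
# simplified, constructed pattern for the example, not a KDC's real rules.
PRINCIPAL_RE = re.compile(r"^[a-z][a-z0-9._-]{0,31}@[A-Z][A-Z0-9.-]*$")


@dataclass
class HostIdMap:
    """Maps an authenticated principal to a UID/GID local to this host."""
    trusted_realm: str   # only principals from this realm get a local UID
    uid_start: int       # first UID of this host's allocation range
    uid_end: int         # last UID (inclusive) of that range
    _table: dict = field(default_factory=dict)   # principal -> uid

    def lookup(self, principal: str):
        """Return the UID already assigned to principal, or None."""
        return self._table.get(principal)

    def map_principal(self, principal: str) -> tuple:
        """Return (uid, gid) for principal, allocating a UID on first use.

        Allocation is stable for the life of the table, so files stay owned
        by a consistent UID on this host, while another host with its own
        range gives the same principal a different UID. A bare numeric UID
        is rejected: it is not proof of identity between hosts.
        """
        if not isinstance(principal, str) or not PRINCIPAL_RE.match(principal):
            raise ValueError("token must be a user@REALM principal, not a raw UID")
        _user, realm = principal.rsplit("@", 1)
        if realm != self.trusted_realm:
            raise PermissionError(f"realm {realm!r} is not trusted by this host")
        uid = self._table.get(principal)
        if uid is None:
            uid = self.uid_start + len(self._table)   # next free slot
            if uid > self.uid_end:
                raise RuntimeError("host UID range exhausted; refusing rather than reusing")
            self._table[principal] = uid
        # User-private-group convention: the primary GID equals the UID.
        return uid, uid
```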

More information about the Ubuntu-devel-discuss mailing list