Authentication services in Ubuntu
Ballock Tokarski
boleslaw.tokarski at tieto.com
Wed May 22 08:02:13 UTC 2013
Hello, Timo,
> SSSD handles those in libpam-sss/libnss-sss, it doesn't need
> libpam-krb5/ldap etc.
>
Yup, my bad. I must have encountered some bug in the early days that made
me think so and I distributed the nss/pam ldap and krb5 stuff along with
sssd.
I have just verified that this is actually works with no nss/pam ldap in
both 12.04 and 13.04. It's a very good news to me. It makes deploying SSSD
a breeze.
I removed the invalid parts of this elaborate and put this to
https://wiki.ubuntu.com/Enterprise/Authentication
> > I strongly vote for this to be SSSD. RedHat is actively developing it
> > and it seems to be running quite decently on Precise already. For this,
> > the following obstacles need to be handled:
> > - SSSD needs to be included in main (Main Inclusion Request #903752)
>
> The blocker is getting the new-ish samba stuff (samba4, ldb, libtevent)
> in main. Looking at the bug again it looks like the ball is on my court,
> boo.. I'll file the missing MIRs soon.
>
You mean SSSD has some Samba4 correlation too? I wouldn't mind using it to
replace winbind4, but using samba4 client to talk to Windows servers at the
same time.
Saucy will get SSSD 1.10.x which builds against libnl-3-dev, so that's
> the first version to get in main.
Good :)
> > - SSSD lacks some configuration questions. I'm ok with that, I deploy it
> > with CFEngine, but I guess it might be considered a requirement
>
> The current status is on purpose, since it makes no sense to drop a
> dummy config there.
I agree.
> There have been talks about adding support for authentication services
> in user-setup, so that it could have a box to tick when you need to join
> the machine as a directory client. Configuring this all should be less
> of a hassle these days, not sure if realmd could be used during install
> phase though or something more manual. In any case, the values could
> then be preseeded for automatic installation.
>
> This is also something I've wanted to add for quite some time now, but
> never had the time to finish. How about adding a blueprint now? Not
> being able to join a directory from the installer tends to be a
> recurring topic on every review of Ubuntu at least on certain Finnish
> press ;)
>
There is room for discussion. I vote for. As it's still 3 months till the
next UDS I've been suggested to create a wiki for that, so that's what I
did (https://wiki.ubuntu.com/Enterprise/Authentication).
> Btw, the Edubuntu guys have experimented with something similar, and I
> think for client they are using SSSD as well..? So for the client, we
> should indeed standardize on something, and SSSD does seem like the best
> bet :)
>
I guess we should invite them to the discussion too. Who should that be?
Cheers,
Ballock
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20130522/f6860717/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list