Authentication services in Ubuntu

Timo Aaltonen tjaalton at ubuntu.com
Wed May 22 08:38:11 UTC 2013 

On 22.05.2013 11:02, Ballock Tokarski wrote:
>     > I strongly vote for this to be SSSD. RedHat is actively developing it
>     > and it seems to be running quite decently on Precise already. For
>     this,
>     > the following obstacles need to be handled:
>     > - SSSD needs to be included in main (Main Inclusion Request #903752)
> 
>     The blocker is getting the new-ish samba stuff (samba4, ldb, libtevent)
>     in main. Looking at the bug again it looks like the ball is on my court,
>     boo.. I'll file the missing MIRs soon.
> 
>  
> You mean SSSD has some Samba4 correlation too? I wouldn't mind using it
> to replace winbind4, but using samba4 client to talk to Windows servers
> at the same time.

Starting from 1.9.x SSSD has an authentication and identity provider for
AD, which also makes configuration easier. It also supports SID to
UID/GID mapping etc, more details on

https://fedorahosted.org/sssd/attachment/wiki/Documentation/SSSD_1.9_Overview_Oct_2012.pdf

>     There have been talks about adding support for authentication services
>     in user-setup, so that it could have a box to tick when you need to join
>     the machine as a directory client. Configuring this all should be less
>     of a hassle these days, not sure if realmd could be used during install
>     phase though or something more manual. In any case, the values could
>     then be preseeded for automatic installation.
> 
>     This is also something I've wanted to add for quite some time now, but
>     never had the time to finish. How about adding a blueprint now? Not
>     being able to join a directory from the installer tends to be a
>     recurring topic on every review of Ubuntu at least on certain Finnish
>     press ;)
> 
> 
> There is room for discussion. I vote for. As it's still 3 months till
> the next UDS I've been suggested to create a wiki for that, so that's
> what I did (https://wiki.ubuntu.com/Enterprise/Authentication).

thanks!

>     Btw, the Edubuntu guys have experimented with something similar, and I
>     think for client they are using SSSD as well..? So for the client, we
>     should indeed standardize on something, and SSSD does seem like the best
>     bet :)
> 
>  
> I guess we should invite them to the discussion too. Who should that be?

Stéphane Graber, CC'd :)



-- 
t

More information about the Ubuntu-devel-discuss mailing list