Idea for a spec

Alex Mauer hawke at
Thu Jun 1 22:00:03 UTC 2006

Etienne Goyer wrote:

> More concretely, it would involve (on the "master" side) :
> - Setting up an LDAP directory, mostly for user authentication and NSS
> - Setting up a DNS zone for the domain
> - Generate a root CA, and a certificate for the master
> - Generate a ssh authentication key pair
> - Setting up a monitoring system
>  ... etc
> When a "client" is added to the "domain", it would involve :
> - Adding the client in the domain's DNS zone
> - Generate a certificate for this client, and send it to the client
> - Make PAM and NSS on the client use the LDAP directory
> - Install root's ssh public key in the client's authorized_keys file
> - Install on the client any agent required by the monitoring service
>  ... and so on

I'd just like to mention that I'd like to see kerberos added to to this
basic setup; use ldap for NSS and Kerberos for authentication.  I'd also
be interested in participating in this project in any way possible.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the ubuntu-server mailing list