Idea for a spec
Alex Mauer
hawke at hawkesnest.net
Thu Jun 1 22:00:03 UTC 2006
Etienne Goyer wrote:
> More concretely, it would involve (on the "master" side) :
>
> - Setting up an LDAP directory, mostly for user authentication and NSS
> - Setting up a DNS zone for the domain
> - Generate a root CA, and a certificate for the master
> - Generate a ssh authentication key pair
> - Setting up a monitoring system
> ... etc
>
> When a "client" is added to the "domain", it would involve :
>
> - Adding the client in the domain's DNS zone
> - Generate a certificate for this client, and send it to the client
> - Make PAM and NSS on the client use the LDAP directory
> - Install root's ssh public key in the client's authorized_keys file
> - Install on the client any agent required by the monitoring service
> ... and so on
I'd just like to mention that I'd like to see kerberos added to to this
basic setup; use ldap for NSS and Kerberos for authentication. I'd also
be interested in participating in this project in any way possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20060601/bef5befa/attachment.pgp>
More information about the ubuntu-server
mailing list