Idea for a spec
Carl K
carl at personnelware.com
Fri Jun 2 01:06:55 UTC 2006
Alex Mauer wrote:
> Etienne Goyer wrote:
>
>
>> More concretely, it would involve (on the "master" side) :
>>
>> - Setting up an LDAP directory, mostly for user authentication and NSS
>> - Setting up a DNS zone for the domain
>> - Generate a root CA, and a certificate for the master
>> - Generate a ssh authentication key pair
>> - Setting up a monitoring system
>> ... etc
>>
>> When a "client" is added to the "domain", it would involve :
>>
>> - Adding the client in the domain's DNS zone
>> - Generate a certificate for this client, and send it to the client
>> - Make PAM and NSS on the client use the LDAP directory
>> - Install root's ssh public key in the client's authorized_keys file
>> - Install on the client any agent required by the monitoring service
>> ... and so on
>>
>
> I'd just like to mention that I'd like to see kerberos added to to this
> basic setup; use ldap for NSS and Kerberos for authentication. I'd also
> be interested in participating in this project in any way possible.
>
>
time for a wiki page. fire it up.
More information about the ubuntu-server
mailing list