Aaron Lippold wrote:
Hi,
Could http://www.freeipa.org/ offer up any quick wins?
Yours,
Aaron
Supporting kerberos and LDAP generically, and /enabling/ that kind of
support (probably including tutorial instructions for doing that with
the IPA stuff) is certaintly the plan.
We're not going to require Free IPA setup, however, as we want to
support existing installations, which probably have something they
already want to use.
The other (and slightly more interesting) part of course is getting the
permissions/ownership workflows right, and I've gotten some good
feedback on that so far as well.
--Michael
On Nov 27, 2007 2:49 AM, Aaron Lippold <lippold@xxxxxxxxx> wrote:
Hi,
One of the features that would be good would be the abllity to
intagrate with NSS. Fedora / RedHat Directory server etc. I think
looking at mod_nss and the already existing pam, pam_pkcs11 etc would
really expand overall enterprise usage, at least for my use. I think
that usage of PAM, NSS, kerberos would provide a good baseline for the
largest set of use cases. Just my thoughts.
Yours,
Aaron
On Nov 26, 2007 4:51 PM, Michael DeHaan <mdehaan@xxxxxxxxxx> wrote:
Jack Neely wrote:
Michael,
Here at NCSU I have an existing provisioning system that generates
kickstarts based on a set of "keyword [value [value...]]" rules. We'd
like to continue to use that as it works well for us...and it integrates
with Cobbler well.
So given that, admins already have the ability to control/alter their
profiles in a defined way that scales well and lonely me can support.
What I'd like from Cobbler is the ability for a select few admins (like
me) to be able to setup all the bits to make Cobbler distros/profiles
etc. work.
Normal admins should be able to associate a MAC address with a profile
and remove said MAC. Actually, it would be great if an admin could
associate a hostname/IP address with a profile and Cobbler would run a
plugin to translate that into a MAC.
One of the things I thought about doing was creating a simpler page to
just edit a systems mapping.
Login would work as before, but the page could be as simple as what you
mentioned above, a dropbox,
and an ok button. CLI equivalents should work too...
Groups of admins as well. Any admin can modify MAC->profile of any
other admin provided both are in the same group.
Authentication via kerberos (PAM probably) authorization done by auto
generated groups of admins (a plugin)?
Sounds reasonable.
Okay...some half-baked ideas about how I see a workflow here. If you
have questions please feel free.
Thanks! I've got some good feedback so far, so I'll try to summarize
findings/plans shortly.
If anyone else wants to share their thoughts on how they'd ideally like
their site to work, please do.
Jack Neely
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
