Michael DeHaan wrote:
We've also talked about doing LDAP authorization in addition to
authentication for a future release --f or those who want to control
ownership but don't want to use the config file).
I'd be very interested in this sort of thing.
One use-case I'm thinking about is for an ISP with several clients
allowing each client to use cobbler to do their own installs. Of course,
this would require a further degree of privacy, i.e. it would be
necessary to prevent client A seeing anything belonging to Client B, and
vice versa. Some things should be viewable (read-only) to all, e.g. a
standard RHEL5 profile. Clients could perhaps copy a read-only profile
to their own custom profile and modify it as required.
Of course, another option is to restrict cobbler access to ISP employees
thus eliminating the need for strict partitioning.
Anyway, the LDAP authorisation sounds like interesting stuff - I
certainly wouldn't want to have to maintain an LDAP directory for
authentication, then manually edit a file to control authorisation.
Cheers,
R.
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
