On 06/03/2013 09:07 PM, Adam Williamson wrote:
We all know what devel@ does best, so let's fire up the power of the bikeshedding machine :) We had https://bugzilla.redhat.com/show_bug.cgi?id=965883 on the list of release blocker candidates that we evaluated at the blocker review meeting this morning. Attendance at blocker reviews is pretty spotty these days (please, people, come out and feel in a position of ABSOLUTE POWER), and no-one present felt like they were a huge expert on typical remote authentication use cases, so we really didn't feel qualified to make a call on this one. As things stand, in Fedora 19, it's basically impossible to configure remote authentication from the install/firstboot process. If you want to use remote auth, you'd have to create a local user first and then do it using whatever tools are available. anaconda / initial-setup has a button for "Use network login..." on its 'user creation' spoke which ought to be where you configure remote auth, but right now it does precisely nothing at all. Whether this is a blocker or not comes down to a judgement call, because it hinges on whether this is a significant inconvenience for a large enough number of users. So we need to know from people who use Fedora in remote auth environments whether it's a big problem not to be able to set it up at install / firstboot time, or whether you'd be okay with creating a local user to get through initial-setup and then configuring remote auth from that local account.
For what it's worth, remote authentication is increasingly important where I sit, so everything that makes it easier to set up is welcome. As of now, my cheat sheet for older Fedoras and RHEL is several pages long and involves manual reconfiguration of samba/winbind, kerberos and pam modules--but I haven't tried to do it in F19 yet, either way. What keeps bugging me is that the whole lashup is fragile and involves magic ('winbind crashed with no error messages; restart it; oops crashed again; restart samba maybe; YAY, success, don't touch anything')
I would be tickled pink if it's a more supported workflow now. I will check it out and file bugs or kudos, depending on the outcome.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
