On 10.06.2013 23:35, David Woodhouse wrote: > On Sun, 2013-06-09 at 09:24 +0930, Glen Turner wrote: >> >> I'd also strongly encourage a design which makes it easy for a >> corporate-issued RPM to configure the authentication. For an example of >> something wonderful, NetworkManager has a one-file-per-ssid design so its >> easy for a RPM to drop in the configuration files for the corporate wireless. >> I'd really like a company to be able to have a set of noarch RPMS which put >> in place the minimum configuration for use within the organisation. > > FWIW I've had some of this working fairly nicely. > > A firstboot module takes the user's AD credentials, uses the internal > PKI infrastructure to obtain SSL certificates for wifi and VPN, drops > the appropriate NetworkManager config into place. > > That's the easy bit. Also configuring Evolution-EWS and pidgin-sipe is a > bit harder, and Evolution is even *harder* to configure like that now > that its account config has been improved (I last had it working when it > involved gconftool-2). > > And Fedora 19 should *finally* make it vaguely sane to import the > corporate SSL CAs to a central location rather than having to do it in > seventeen different places for different SSL libraries and sometimes Fedora 19 makes this possible (drop a file in a directory, run a command), and Fedora 20 will make in smooth (tools, apis for it). > even special locations for *particularly* braindamaged applications > (pidgin). Hmmm, we should probably fix that one to use the central stuff. David, if we've missed any others in Fedora 19, could you file RHBZ bugs? Cheers, Stef -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
