On 04/12/2010 01:56 PM, Stephen John Smoogen wrote:
> On Mon, Apr 12, 2010 at 11:46 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
>> On 04/12/2010 01:35 PM, Stephen John Smoogen wrote:
>>> On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
>>> I'm trying to figure out how to do a little PR around the SSSD (the
>>> System Security Services Daemon). I've been tracking mentions of it
>>> around the web with Google Alerts and in the last few weeks, there have
>>> been several dozen hits... all in the Ubuntu context -_-
>>>
>>> So I'm looking for advice on how to draw attention to the fact that this
>>> is a Fedora project. And moreover, works better on Fedora, since we have
>>> authconfig making setup a breeze.
>>>
>>> The SSSD is an advertised Feature for Fedora 13:
>>> http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Services_Daemon_.28SSSD.29
>>>
>>> My main concern is that most of the chatter that Google Alerts has been
>>> picking up have been leading back to blogs written about the Ubuntu
>>> package of SSSD (which is an older version than what is available in
>>> Fedora and also has no UI for configuring it).
>>>
>>>> Ok, let's look at the following:
>>
>>>> 1) What does it do?
>> We're targeting it as a replacement for nss_ldap, pam_ldap and pam_krb5.
>> The main idea is that it handles cached authentication. Its target is
>> mainly for larger Fedora deployments that use centralized
>> authentication. Within this group, there are two main use-cases we're
>> targeting:
>> 1) Laptop users. With the SSSD, there's no longer a need to maintain a
>> separate local user account. You will be able to sign in with your
>> centrally-managed account even when not connected to the LDAP/Kerberos
>> server.
>> The SSSD caches credentials so that if the server is
>> unavailable, the user can still gain access to their local machine.
>> 2) Datacenter servers that rely on LDAP and/or Kerberos for
>> authentication will be able to survive authentication outages.
>>
>>>> 2) How does it work?
>> Quite well, thank you :)
>>
>>
>>>> 3) Why should I be excited about it?
>> In the case of a laptop user, no more managing two sets of passwords to
>> get into your system. Plus, with Kerberos, if you log in online, it will
>> automatically use your login credentials to acquire your Kerberos
>> ticket-granting ticket for access to network credentials. (And if you're
>> offline, integration with krb5-auth-dialog will make sure you can easily
>> acquire that ticket when you go online)
>>
>>>> 4) Can we make a video that shows this all to put up on the tubes somewhere.
>> I'm not sure what we can do for a video. I suppose we could record a
>> Fedora 13 install, setting up the SSSD with authconfig during firstboot
>> and then demonstrating how it works by simulating offline behavior with
>> 'service [network|Network Manager] stop'
>>
>>
>
> A) Does it have a gui? Show off the gui

Starting in Fedora 13, the authconfig UI (aka system-config-authentication)
has been completely redesigned, and will now configure the SSSD.

See:
https://fedoraproject.org/wiki/Test_Day:2010-03-30_SSSDByDefault
http://mairin.wordpress.com/2010/02/18/authconfig-gtk-ui-revamp/
http://mairin.wordpress.com/2010/03/29/mockups-in-your-hand-authconfig-test-day-tomorrow/

> B) Show two systems.. one with it and one without it. Take it off
> networking or (for the corporate IT person who needs to show their
> boss... take it off vpn..) log into both.. which one works.. which one
> doesn't. Do a 'time' elapsed cut to 2-3 days later when the ticket no
> longer is valid.. log into both... do you get locked out of both?
> Tada... extra security for the stolen laptop.
>

We could do that pretty easily.
Although the latter feature is one that isn't configured in the UI.
We CAN set it so that after N days it disallows logins, but that requires
manually editing the config file. But yes, it would be added security
(just not useful for the 90% case, so we left it out of the UI)

--
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/

--
marketing mailing list
marketing@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/marketing