-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
I've written the occasional blog post about SSSD, but they don't seem to get picked up and reprinted in nearly as many places as the Ubuntu blogs do. I'd really like for us to find a way to clue people in that the SSSD is, first and foremost, a Fedora project.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Mon, Apr 12, 2010 at 10:13 AM, Stephen Gallagher sgallagh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
I've written the occasional blog post about SSSD, but they don't seem to get picked up and reprinted in nearly as many places as the Ubuntu blogs do. I'd really like for us to find a way to clue people in that the SSSD is, first and foremost, a Fedora project.
Hi Stephen,
So - excellent timing, and we definitely appreciate the heads-up on this, btw - we're in the middle of working on Feature Profiles for the F13 release. It's basically an interview - we do them on irc, via email, or in podcast form - where we talk to the developer(s) about a specific feature, how it's used, how it was developed in the community, etc.
To see some examples from F12, you can check them out here: http://fedoraproject.org/wiki/F12_feature_profiles
Is this something you'd be interested in doing? Someone from the marketing team can write up some interview questions and work with you and/or Simo on getting out some good content, and we can definitely highlight how it is first and foremost, as you said, a Fedora project.
-Robyn
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkvDVM8ACgkQeiVVYja6o6N56ACggKLStjWji8G9yIwvnU5TMDho p/4An3qrlfcReObwZpa/5jtxPA9NDcpz =c4MW
-----END PGP SIGNATURE-----
marketing mailing list marketing@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/marketing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/12/2010 01:22 PM, Robyn Bergeron wrote:
Hi Stephen,
So - excellent timing, and we definitely appreciate the heads-up on this, btw - we're in the middle of working on Feature Profiles for the F13 release. It's basically an interview - we do them on irc, via email, or in podcast form - where we talk to the developer(s) about a specific feature, how it's used, how it was developed in the community, etc.
To see some examples from F12, you can check them out here: http://fedoraproject.org/wiki/F12_feature_profiles
Is this something you'd be interested in doing? Someone from the marketing team can write up some interview questions and work with you and/or Simo on getting out some good content, and we can definitely highlight how it is first and foremost, as you said, a Fedora project.
Yes, absolutely. Where do I sign up? :)
-Robyn
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Mon, Apr 12, 2010 at 10:25 AM, Stephen Gallagher sgallagh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/12/2010 01:22 PM, Robyn Bergeron wrote:
Hi Stephen,
So - excellent timing, and we definitely appreciate the heads-up on this, btw - we're in the middle of working on Feature Profiles for the F13 release. It's basically an interview - we do them on irc, via email, or in podcast form - where we talk to the developer(s) about a specific feature, how it's used, how it was developed in the community, etc.
To see some examples from F12, you can check them out here: http://fedoraproject.org/wiki/F12_feature_profiles
Is this something you'd be interested in doing? Someone from the marketing team can write up some interview questions and work with you and/or Simo on getting out some good content, and we can definitely highlight how it is first and foremost, as you said, a Fedora project.
Yes, absolutely. Where do I sign up? :)
You just did. :)
https://fedoraproject.org/wiki/F13_feature_profiles
I'll hit you up with an email shortly.
-Robyn
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkvDV4EACgkQeiVVYja6o6N0pgCfUMbsk3XM99lPWKHs2ymGt0tB 2bsAnjJaeDG+g9fKCF8VhYZRXxG7v8mZ =xj28
-----END PGP SIGNATURE-----
marketing mailing list marketing@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/marketing
On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher sgallagh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
Ok lets look at the following: 1) What does it do? 2) How does it work? 3) Why should I be excited about it? 4) Can we make a video that shows this all to put up on the tubes somewhere.
I've written the occasional blog post about SSSD, but they don't seem to get picked up and reprinted in nearly as many places as the Ubuntu blogs do. I'd really like for us to find a way to clue people in that the SSSD is, first and foremost, a Fedora project.
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkvDVM8ACgkQeiVVYja6o6N56ACggKLStjWji8G9yIwvnU5TMDho p/4An3qrlfcReObwZpa/5jtxPA9NDcpz =c4MW
-----END PGP SIGNATURE-----
marketing mailing list marketing@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/marketing
On Mon, Apr 12, 2010 at 10:35 AM, Stephen John Smoogen smooge@gmail.com wrote:
On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher sgallagh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
Ok lets look at the following:
- What does it do?
- How does it work?
- Why should I be excited about it?
- Can we make a video that shows this all to put up on the tubes somewhere.
A video would be tooooooootally cool.
I've written the occasional blog post about SSSD, but they don't seem to get picked up and reprinted in nearly as many places as the Ubuntu blogs do. I'd really like for us to find a way to clue people in that the SSSD is, first and foremost, a Fedora project.
Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkvDVM8ACgkQeiVVYja6o6N56ACggKLStjWji8G9yIwvnU5TMDho p/4An3qrlfcReObwZpa/5jtxPA9NDcpz =c4MW
-----END PGP SIGNATURE-----
marketing mailing list marketing@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/marketing
-- Stephen J Smoogen.
Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning
marketing mailing list marketing@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/marketing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/12/2010 01:35 PM, Stephen John Smoogen wrote:
On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher sgallagh@redhat.com wrote: I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
Ok lets look at the following:
- What does it do?
We're targeting it as a replacement for nss_ldap, pam_ldap and pam_krb5. The main idea is that it handles cached authentication. It's target is mainly for larger Fedora deployments that use centralized authentication. Within this group, there are two main use-cases we're targeting: 1) Laptop users. With the SSSD, there's no longer a need to maintain a separate local user account. You will be able to sign in with your centrally-managed account even when not connected to the LDAP/Kerberos server. The SSSD caches credentials so that if the server is unavailable, the user can still gain access to their local machine. 2) Datacenter servers that rely on LDAP and/or Kerberos for authentication will be able to survive authentication outages.
- How does it work?
Quite well, thank you :)
- Why should I be excited about it?
In the case of a laptop user, no more managing two sets of passwords to get into your system. Plus, with Kerberos, if you log in online, it will automatically use your login credentials to acquire your Kerberos ticket-granting ticket for access to network credentials. (And if you're offline, integration with krb5-auth-dialog will make sure you can easily acquire that ticket when you go online)
- Can we make a video that shows this all to put up on the tubes somewhere.
I'm not sure what we can do for a video. I suppose we could record a Fedora 13 install, setting up the SSSD with authconfig during firstboot and then demonstrating how it works by simulating offline behavior with 'service [network|Network Manager] stop'
I've written the occasional blog post about SSSD, but they don't seem to get picked up and reprinted in nearly as many places as the Ubuntu blogs do. I'd really like for us to find a way to clue people in that the SSSD is, first and foremost, a Fedora project.
- -- marketing mailing list marketing@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/marketing
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
On Mon, Apr 12, 2010 at 11:46 AM, Stephen Gallagher sgallagh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/12/2010 01:35 PM, Stephen John Smoogen wrote:
On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher sgallagh@redhat.com wrote: I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
Ok lets look at the following:
- What does it do?
We're targeting it as a replacement for nss_ldap, pam_ldap and pam_krb5. The main idea is that it handles cached authentication. It's target is mainly for larger Fedora deployments that use centralized authentication. Within this group, there are two main use-cases we're targeting:
- Laptop users. With the SSSD, there's no longer a need to maintain a
separate local user account. You will be able to sign in with your centrally-managed account even when not connected to the LDAP/Kerberos server. The SSSD caches credentials so that if the server is unavailable, the user can still gain access to their local machine. 2) Datacenter servers that rely on LDAP and/or Kerberos for authentication will be able to survive authentication outages.
- How does it work?
Quite well, thank you :)
- Why should I be excited about it?
In the case of a laptop user, no more managing two sets of passwords to get into your system. Plus, with Kerberos, if you log in online, it will automatically use your login credentials to acquire your Kerberos ticket-granting ticket for access to network credentials. (And if you're offline, integration with krb5-auth-dialog will make sure you can easily acquire that ticket when you go online)
- Can we make a video that shows this all to put up on the tubes somewhere.
I'm not sure what we can do for a video. I suppose we could record a Fedora 13 install, setting up the SSSD with authconfig during firstboot and then demonstrating how it works by simulating offline behavior with 'service [network|Network Manager] stop'
A) Does it have a gui? Show off the gui B) Show two systems.. one with it and one without it. Take it off networking or (for the corporate IT person who needs to show their boss... take it off vpn..) log into both.. which one works.. which one doesn't. Do a 'time' elapsed cut to 2-3 days later when the ticket no longer is valid.. log into both... do you get locked out of both? Tada... extra security for the stolen laptop.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/12/2010 01:56 PM, Stephen John Smoogen wrote:
On Mon, Apr 12, 2010 at 11:46 AM, Stephen Gallagher sgallagh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/12/2010 01:35 PM, Stephen John Smoogen wrote:
On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher sgallagh@redhat.com wrote: I'm trying to figure out how to do a little PR around the SSSD (the System Security Services Daemon). I've been tracking mentions of it around the web with Google Alerts and in the last few weeks, there have been several dozen hits... all in the Ubuntu context -_-
So I'm looking for advice on how to draw attention to the fact that this is a Fedora project. And moreover, works better on Fedora, since we have authconfig making setup a breeze.
The SSSD is an advertised Feature for Fedora 13: http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Servi...
My main concern is that most of the chatter that Google Alerts has been picking up have been leading back to blogs written about the Ubuntu package of SSSD (which is an older version than what is available in Fedora and also has no UI for configuring it).
Ok lets look at the following:
- What does it do?
We're targeting it as a replacement for nss_ldap, pam_ldap and pam_krb5. The main idea is that it handles cached authentication. It's target is mainly for larger Fedora deployments that use centralized authentication. Within this group, there are two main use-cases we're targeting:
- Laptop users. With the SSSD, there's no longer a need to maintain a
separate local user account. You will be able to sign in with your centrally-managed account even when not connected to the LDAP/Kerberos server. The SSSD caches credentials so that if the server is unavailable, the user can still gain access to their local machine. 2) Datacenter servers that rely on LDAP and/or Kerberos for authentication will be able to survive authentication outages.
- How does it work?
Quite well, thank you :)
- Why should I be excited about it?
In the case of a laptop user, no more managing two sets of passwords to get into your system. Plus, with Kerberos, if you log in online, it will automatically use your login credentials to acquire your Kerberos ticket-granting ticket for access to network credentials. (And if you're offline, integration with krb5-auth-dialog will make sure you can easily acquire that ticket when you go online)
- Can we make a video that shows this all to put up on the tubes somewhere.
I'm not sure what we can do for a video. I suppose we could record a Fedora 13 install, setting up the SSSD with authconfig during firstboot and then demonstrating how it works by simulating offline behavior with 'service [network|Network Manager] stop'
A) Does it have a gui? Show off the gui
Starting in Fedora 13, th authconfig UI (aka system-config-authentication) has been completely redesigned, and will now configure the SSSD.
See: https://fedoraproject.org/wiki/Test_Day:2010-03-30_SSSDByDefault http://mairin.wordpress.com/2010/02/18/authconfig-gtk-ui-revamp/ http://mairin.wordpress.com/2010/03/29/mockups-in-your-hand-authconfig-test-...
B) Show two systems.. one with it and one without it. Take it off networking or (for the corporate IT person who needs to show their boss... take it off vpn..) log into both.. which one works.. which one doesn't. Do a 'time' elapsed cut to 2-3 days later when the ticket no longer is valid.. log into both... do you get locked out of both? Tada... extra security for the stolen laptop.
We could do that pretty easily. Although the latter feature is one that isn't configured in the UI. We CAN set it so that after N days it disallows logins, but that requires manually editing the config file. But yes, it would be added security (just not useful for the 90% case, so we left it out of the UI)
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
marketing@lists.fedoraproject.org