What next?
Rudi Chiarito
nutello at sweetness.com
Wed Jun 1 20:19:57 UTC 2005
On Wed, Jun 01, 2005 at 01:59:19PM -0400, Elliot Lee wrote:
> Maybe it's time to start the brainstorming for Fedora Core 5 and Fedora
> Extras 5 - what major features are you willing to put effort into?
Improved Kerberos/Active Directory support?
I asked last week about establishing a standard for keytabs. Noone
replied.
It would be nice to have a way for authconfig/anaconda to make a system
join an AD realm. This is trickier than joining a realm managed by MIT
Kerberos.
The case where you have a domain administrator at the keyboard is more
or less handled by Samba 3's "net ads join", but that's only one of the
possible scenarios. I have been trying to tweak Samba to handle another
scenario: a computer account has already been created in the directory
and you have the account's password. Now you need to create the host
principal (for ssh and the like to work), as well as additional
principals for httpd and other services. For the time being I can see
this done in post-install kickstart scriptlets, because it relies on
Samba's net command. Hopefully with Samba4 things could be made easier to
integrate.
Authconfig would be involved in creating (if needed) the LDAP mappings
necessary to convert the Services for Unix schema to the RFC2037
schema that nss_ldap uses:
http://enterprise.linux.com/enterprise/04/12/09/2318244.shtml?tid=102&tid=101&tid=100
Something like that should remove yet another barrier to Linux
adoption.
--
Rudi
More information about the devel
mailing list