Call for Bikeshedding: remote auth at install time

Simo Sorce simo at
Tue Jun 4 13:34:18 UTC 2013

On Tue, 2013-06-04 at 09:02 -0400, Stephen Gallagher wrote:
> Hash: SHA1
> On 06/03/2013 09:07 PM, Adam Williamson wrote:
> > We all know what devel@ does best, so let's fire up the power of
> > the bikeshedding machine :)
> > 
> > We had on the
> > list of release blocker candidates that we evaluated at the blocker
> > review meeting this morning. Attendance at blocker reviews is
> > pretty spotty these days (please, people, come out and feel in a
> > position of ABSOLUTE POWER), and no-one present felt like they were
> > a huge expert on typical remote authentication use cases, so we
> > really didn't feel qualified to make a call on this one.
> > 
> > As things stand, in Fedora 19, it's basically impossible to
> > configure remote authentication from the install/firstboot process.
> > If you want to use remote auth, you'd have to create a local user
> > first and then do it using whatever tools are available. anaconda /
> > initial-setup has a button for "Use network login..." on its 'user
> > creation' spoke which ought to be where you configure remote auth,
> > but right now it does precisely nothing at all.
> > 
> > Whether this is a blocker or not comes down to a judgement call,
> > because it hinges on whether this is a significant inconvenience
> > for a large enough number of users. So we need to know from people
> > who use Fedora in remote auth environments whether it's a big
> > problem not to be able to set it up at install / firstboot time, or
> > whether you'd be okay with creating a local user to get through
> > initial-setup and then configuring remote auth from that local
> > account.
> > 
> How did that happen? Last I had heard, Anaconda was supposed to be
> farming out to RealmD to do this. We should have no need to create a
> local user at all. CCing the RealmD maintainer for comment.

Realmd is a good tool, but works only with Windows Ad or FreeIPA.
It is useless to configure against a classic directory and/or Kerberos
server or NIS or things like that.

Anaconda used to have authconfig integration, was it yanked on rewrite ?


Simo Sorce * Red Hat, Inc * New York

More information about the devel mailing list