Call for Bikeshedding: remote auth at install time

Przemek Klosowski przemek.klosowski at nist.gov
Tue Jun 4 14:26:48 UTC 2013


On 06/03/2013 09:07 PM, Adam Williamson wrote:
> We all know what devel@ does best, so let's fire up the power of the
> bikeshedding machine :)
>
> We had https://bugzilla.redhat.com/show_bug.cgi?id=965883 on the list of
> release blocker candidates that we evaluated at the blocker review
> meeting this morning. Attendance at blocker reviews is pretty spotty
> these days (please, people, come out and feel in a position of ABSOLUTE
> POWER), and no-one present felt like they were a huge expert on typical
> remote authentication use cases, so we really didn't feel qualified to
> make a call on this one.
>
> As things stand, in Fedora 19, it's basically impossible to configure
> remote authentication from the install/firstboot process. If you want to
> use remote auth, you'd have to create a local user first and then do it
> using whatever tools are available. anaconda / initial-setup has a
> button for "Use network login..." on its 'user creation' spoke which
> ought to be where you configure remote auth, but right now it does
> precisely nothing at all.
>
> Whether this is a blocker or not comes down to a judgement call, because
> it hinges on whether this is a significant inconvenience for a large
> enough number of users. So we need to know from people who use Fedora in
> remote auth environments whether it's a big problem not to be able to
> set it up at install / firstboot time, or whether you'd be okay with
> creating a local user to get through initial-setup and then configuring
> remote auth from that local account.

For what it's worth, remote authentication is increasingly important 
where I sit, so everything that makes it easier to set up is welcome. As 
of now, my cheat sheet for older Fedoras and RHEL is several pages long 
and involves manual reconfiguration of Samba/winbind, Kerberos and PAM
modules--but I haven't tried to do it in F19 yet, either way. What keeps
bugging me is that the whole lashup is fragile and involves magic
('winbind crashed with no error messages; restart it; oops crashed
again; restart samba maybe; YAY, success, don't touch anything').

I would be tickled pink if it's a more supported workflow now. I will 
check it out and file bugs or kudos, depending on the outcome.

