Call for Bikeshedding: remote auth at install time

David Woodhouse dwmw2 at infradead.org
Mon Jun 10 21:35:45 UTC 2013


On Sun, 2013-06-09 at 09:24 +0930, Glen Turner wrote:
> 
> I'd also strongly encourage a design which makes it easy for a
> corporate-issued RPM to configure the authentication. For an example of
> something wonderful, NetworkManager has a one-file-per-ssid design so it's
> easy for an RPM to drop in the configuration files for the corporate wireless.
> I'd really like a company to be able to have a set of noarch RPMS which put
> in place the minimum configuration for use within the organisation.

FWIW I've had some of this working fairly nicely.

A firstboot module takes the user's AD credentials, uses the internal
PKI infrastructure to obtain SSL certificates for wifi and VPN, and drops
the appropriate NetworkManager config into place.

That's the easy bit. Also configuring Evolution-EWS and pidgin-sipe is a
bit harder, and Evolution is even *harder* to configure like that now
that its account config has been improved (I last had it working when it
involved gconftool-2).

And Fedora 19 should *finally* make it vaguely sane to import the
corporate SSL CAs to a central location rather than having to do it in
seventeen different places for different SSL libraries and sometimes
even special locations for *particularly* braindamaged applications
(pidgin).

-- 
dwmw2