Call for Bikeshedding: remote auth at install time

Stef Walter stefw at
Tue Jun 11 05:47:57 UTC 2013

On 10.06.2013 23:35, David Woodhouse wrote:
> On Sun, 2013-06-09 at 09:24 +0930, Glen Turner wrote:
>> I'd also strongly encourage a design which makes it easy for a
>> corporate-issued RPM to configure the authentication. For an example of
>> something wonderful, NetworkManager has a one-file-per-ssid design so its
>> easy for a RPM to drop in the configuration files for the corporate wireless.
>> I'd really like a company to be able to have a set of noarch RPMS which put
>> in place the minimum configuration for use within the organisation.
> FWIW I've had some of this working fairly nicely.
> A firstboot module takes the user's AD credentials, uses the internal
> PKI infrastructure to obtain SSL certificates for wifi and VPN, drops
> the appropriate NetworkManager config into place.
> That's the easy bit. Also configuring Evolution-EWS and pidgin-sipe is a
> bit harder, and Evolution is even *harder* to configure like that now
> that its account config has been improved (I last had it working when it
> involved gconftool-2).
> And Fedora 19 should *finally* make it vaguely sane to import the
> corporate SSL CAs to a central location rather than having to do it in
> seventeen different places for different SSL libraries and sometimes

Fedora 19 makes this possible (drop a file in a directory, run a
command), and Fedora 20 will make in smooth (tools, apis for it).

> even special locations for *particularly* braindamaged applications
> (pidgin).

Hmmm, we should probably fix that one to use the central stuff. David,
if we've missed any others in Fedora 19, could you file RHBZ bugs?



More information about the devel mailing list