SSSD publicity problem

Stephen John Smoogen smooge at gmail.com
Mon Apr 12 17:56:42 UTC 2010


On Mon, Apr 12, 2010 at 11:46 AM, Stephen Gallagher <sgallagh at redhat.com> wrote:
>
> On 04/12/2010 01:35 PM, Stephen John Smoogen wrote:
>> On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher <sgallagh at redhat.com> wrote:
>> I'm trying to figure out how to do a little PR around the SSSD (the
>> System Security Services Daemon). I've been tracking mentions of it
>> around the web with Google Alerts and in the last few weeks, there have
>> been several dozen hits... all in the Ubuntu context -_-
>>
>> So I'm looking for advice on how to draw attention to the fact that this
>> is a Fedora project. And moreover, works better on Fedora, since we have
>> authconfig making setup a breeze.
>>
>> The SSSD is an advertised Feature for Fedora 13:
>> http://fedoraproject.org/wiki/Fedora_13_Talking_Points#System_Security_Services_Daemon_.28SSSD.29
>>
>> My main concern is that most of the chatter that Google Alerts has been
>> picking up have been leading back to blogs written about the Ubuntu
>> package of SSSD (which is an older version than what is available in
>> Fedora and also has no UI for configuring it).
>>
>>> OK, let's look at the following:
>
>>> 1) What does it do?
> We're targeting it as a replacement for nss_ldap, pam_ldap and pam_krb5.
> The main idea is that it handles cached authentication. Its target is
> mainly for larger Fedora deployments that use centralized
> authentication. Within this group, there are two main use-cases we're
> targeting:
> 1) Laptop users. With the SSSD, there's no longer a need to maintain a
> separate local user account. You will be able to sign in with your
> centrally-managed account even when not connected to the LDAP/Kerberos
> server. The SSSD caches credentials so that if the server is
> unavailable, the user can still gain access to their local machine.
> 2) Datacenter servers that rely on LDAP and/or Kerberos for
> authentication will be able to survive authentication outages.
>
>>> 2) How does it work?
> Quite well, thank you :)
>
>
>>> 3) Why should I be excited about it?
> In the case of a laptop user, no more managing two sets of passwords to
> get into your system. Plus, with Kerberos, if you log in online, it will
> automatically use your login credentials to acquire your Kerberos
> ticket-granting ticket for access to network credentials. (And if you're
> offline, integration with krb5-auth-dialog will make sure you can easily
> acquire that ticket when you go online)
>
>>> 4) Can we make a video that shows this all to put up on the tubes somewhere?
> I'm not sure what we can do for a video. I suppose we could record a
> Fedora 13 install, setting up the SSSD with authconfig during firstboot
> and then demonstrating how it works by simulating offline behavior with
> 'service [network|Network Manager] stop'
>
>

A) Does it have a GUI? Show off the GUI
B) Show two systems.. one with it and one without it. Take it off
networking or (for the corporate IT person who needs to show their
boss... take it off VPN..) log into both.. which one works.. which one
doesn't. Do a 'time' elapsed cut to 2-3 days later when the ticket
is no longer valid.. log into both... do you get locked out of both?
Tada... extra security for the stolen laptop.

-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning