Developer comments
Network authentication and identity management is a topic that will be discussed during the next UDS.
There are multiple options and use cases. It would help to describe specific use cases defining the environment and the actions needed to be done so that proper tools can be designed and implemented.
Comments
There is the FreeIPA project from RedHat that does something very similar to this. However, they are using the Fedora Directory Server instead of OpenLDAP.
I think this project is highly interesting and should be pursued; there is a great need to have something similar to AD from Microsoft. Apple also has something like that based on OpenLDAP and Kerberos.
ariek
wrote on the 1 Mar 08 at 10:00
This would be one of the key functions within a mixed (Windows/Linux) environment. There are many howtos and manuals, but still it is quite a hassle and a time-consuming action. I suggest an installation wizard during the server installation, such as a LAMP or DNS server.
I also think FreeIPA is a great choice, but I think it will need a lot of resources to integrate it in Ubuntu. FreeIPA is not yet complete; I guess it will need some time.
But there is another solution (which is not ebox):
http://brainstorm.ubuntu.com/idea/2322/
If you like it, support it.
The FreeIPA project should be releasing the 1.0 version pretty soon. The 1.2 requirements are already closed.
To see what the 1.0 version provides, look at:
http://www.freeipa.org/page/V1PRD
I think 1.0 is better than nothing, which is what Ubuntu has right now.
The main new things in 1.2 will be:
- Machine authentication and identity
- Service authentication and identity
- Create an IPA plugin architecture and framework
- Clean up the IPA schema
- Create an IPA client that manages authentication, cache, connection state to IPA, and will be used to manage authorization
- Make it easier to create an IPA virtual appliance
Which is quite good, but 1.0 already has user identity management and replication, which would already be quite useful on their own.
timos
wrote on the 6 Mar 08 at 19:36
This is - to my very limited understanding - one of the most important projects to get Ubuntu servers into companies, schools etc.
Administrating users and user authentication in an environment consisting of several Linux (and Apache, Samba ...) servers and where clients are Linuxes, Macs and Windows is definitely not easy.
A solution to centrally manage this is warmly welcomed.
When developing a solution or adopting one to Ubuntu the following could be considered:
- Linux-distribution and desktop neutrality
- Ability to serve Linux/Mac/Windows-clients
- Adhering to standards (yes, ... serving Windows-clients)
- Reliability, start small and reliable, grow big and reliable
- and, naturally GPL
A comment regarding AD: IMHO, the need to safeguard the AD-instance makes MS server systems somewhat vulnerable. A Linux-system should be more robust.
arbulus
wrote on the 28 Mar 08 at 16:28
A thousand times yes.
This is absolutely key to getting Linux in the enterprise: centralize network management. For an office that would like to run nothing but Linux, an AD-like solution is absolutely paramount. And for those running mixed shops, full LDAP, Kerberos interoperability is a must.
Both FreeIPA/Fedora Directory Service and ebox look incredibly promising. This is definitely an area that needs to be a high priority.
moquist
wrote on the 28 Apr 08 at 14:47
In my experience, network authentication and home directory access cause the greatest pain and frustration by far among network admins who try to run Linux in K-12 schools in the United States. And for those who think about running Linux, the painful experience of directory services is usually the greatest turnoff.
After experiencing the ease of configuring and administering AD, how could they not find the current offerings in Linux to be crucially lacking? (WAN policy management? What is that? Even Aunt Tillie can figure out AD...)
IMNSHO the lack of an AD competitor (let alone killer) is the single greatest blocker to Linux in K-12 in the U.S. (at least) today.
I currently do the tech stuff at the new KLIMA-MAGAZIN (www.klima-magazin.de) - a print and online magazine about all stuff around being better for the climate and the earth and so on...
There we have about 10 24" iMacs, an openSUSE server on ugly hardware, 3 Windows PCs and a Fedora 10 PC (Sorry.. No Ubuntu there right now).
I would love to manage them all through a totally open AND usable Directory/Kerberos/DNS/NTP/Fileserver(Samba3/4(!),NFS4,AFP)/Mailserver/Groupware etc. stack, so my requirements are clear (...Yeah, I'm dreaming...):
- It must work with Linux (+ other Unix-alikes), OSX, Windows.
- There must be no dirty hacks required on the clients
- It must be as easy to use as AD
- There should be a really cool and usable web-interface built on top of one of the major frameworks like zend, symfony, rails, django, turbogears (the language is not as important as the strong framework-base). The interface should adopt many popular web2.0 usability ideas that make huge masses of information manageable (Searching, Tagging etc...).
- KDE/Gnome integration would be very cool!
- Loose coupling of components to be able to exchange the underlying LDAP-Server or the Mailserver/GroupWare for example
- All Distros and involved projects should join forces to maximise interoperability, problem-solving-power, speed in development, world-wide adoption through users and companies etc.
- Additionally I would be very lucky to ditch PLESK, which I use as my hosting control-panel :-)
In the end we would have a stack that beats all proprietary solutions by far.
Greetings from Hamburg
jo
frk2
wrote on the 9 Sep 09 at 13:13
Check out Zivios - almost exactly what you want, plus more.
KDE/Gnome integration would indeed be very cool - but we are not there at the moment.
http://www.zivios.org
(I am a core developer at Zivios LLC!)