New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth
I would suggest it goes into the HOWTO section.--
Adrian Hall (Personal Account)
photoadrian@gmail.com
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
09-13-2011, 08:27 PM
Paul Heinlein
New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
On Tue, 13 Sep 2011, Adrian Hall wrote:
> http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth
> I would suggest it goes into the HOWTO section.
Things I'd recommend adding to the discussion before official
publication of the page:
* sssd and ldap
* SSL/TLS
Of slightly less immediate importance, but worthy of inclusion further
down the road:
* master-slave ldap setup and failover on the clients
* ldap and samba for windows auth
* pointers to using ldap auth for, e.g., apache, jabber, sendmail, ...
* central user accounts and NFSv4
--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
09-13-2011, 08:36 PM
Adrian Hall
New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
I'm totally with you on the SSL/TLS. *I've been swearing at that particular element for over two weeks now. *Since there is no slapd.conf any more, the method of introducing a certificate is not logical, nor documented.
I haven't looked into sssd. *Since it isn't installed by default on CentOS, why would that be a requirement? *(not saying it isn't a good thing, but I'd probably defer that to another document as with the other elements you suggested)
--
Adrian Hall (Personal Account)
photoadrian@gmail.com
On Tue, Sep 13, 2011 at 2:27 PM, Paul Heinlein <heinlein@madboa.com> wrote:
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
09-13-2011, 08:57 PM
Paul Heinlein
New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
On Tue, 13 Sep 2011, Adrian Hall wrote:
> I'm totally with you on the SSL/TLS. I've been swearing at that
> particular element for over two weeks now. Since there is no
> slapd.conf any more, the method of introducing a certificate is not
> logical, nor documented.
Heh. To date, I've only setup CentOS 6 as an LDAP client. All my LDAP
servers run CentOS 5.
> I haven't looked into sssd. Since it isn't installed by default on
> CentOS, why would that be a requirement? (not saying it isn't a
> good thing, but I'd probably defer that to another document as with
> the other elements you suggested)
Concerning sssd, CentOS 6 kickstart will install and activate it if
you specify installation of the "Directory Client" package group.
Since that group looks like something that folks might want to install
on LDAP clients, I suspect it'll be more widely deployed than you
think.
--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
09-13-2011, 09:14 PM
Adrian Hall
New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
Ok - so holding the article on the inclusion of SSL/TLS - I'll update this group once I've got that information. *I also want to include access controls in the final document since it is an authentication server. *
Regarding sssd - I wouldn't hold the document for this. *I've just been doing some reading on the subject. *Even if it is "deployed", that doesn't mean it is configured or started. *It looks like authconfig handles the vast majority of the work involved in authentication configuration in CentOS. *I'm assuming anyone who wants to use sssd will know how to alter the authconfig to allow that. *If not, it can be reviewed in a different HOWTO.
-Adrian--
Adrian Hall (Personal Account)
photoadrian@gmail.com
On Tue, Sep 13, 2011 at 2:57 PM, Paul Heinlein <heinlein@madboa.com> wrote:
On Tue, 13 Sep 2011, Adrian Hall wrote:
> I'm totally with you on the SSL/TLS. *I've been swearing at that
> particular element for over two weeks now. *Since there is no
> slapd.conf any more, the method of introducing a certificate is not
> logical, nor documented.
Heh. To date, I've only setup CentOS 6 as an LDAP client. All my LDAP
servers run CentOS 5.
> I haven't looked into sssd. *Since it isn't installed by default on
> CentOS, why would that be a requirement? *(not saying it isn't a
> good thing, but I'd probably defer that to another document as with
> the other elements you suggested)
Concerning sssd, CentOS 6 kickstart will install and activate it if
you specify installation of the "Directory Client" package group.
Since that group looks like something that folks might want to install
on LDAP clients, I suspect it'll be more widely deployed than you
think.
--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
09-18-2011, 09:29 PM
Ralph Angenendt
New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
On 09/13/2011 11:14 PM, Adrian Hall wrote:
> Ok - so holding the article on the inclusion of SSL/TLS - I'll update this
> group once I've got that information. I also want to include access
> controls in the final document since it is an authentication server.
>
> Regarding sssd - I wouldn't hold the document for this. I've just been
> doing some reading on the subject. Even if it is "deployed", that doesn't
> mean it is configured or started. It looks like authconfig handles the vast
> majority of the work involved in authentication configuration in CentOS.
> I'm assuming anyone who wants to use sssd will know how to alter the
> authconfig to allow that. If not, it can be reviewed in a different HOWTO.
Yeah, that looks like a good idea. Just ping us when you're ready for a
final review.
Regards,
Ralph
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
