Hash: SHA1

On 10/30/2010 04:13 AM, Niki Kovacs wrote:

> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user). 

Others have commented on your other points, but I'm going to add my two
cents to this one. This will be the trickiest portion to implement
(nearly all of your other needs are built-in to FreeIPA). However,
centrally-managed data requires some manual configuration.

The classic example would be to set up a centralized NFS server
providing the home directories and using automount on each client to
connect to them. There are many HOWTOs and guidelines (and your friendly
neighborhood RHCE would be able to guide you through this as well). For
added security, NFSv4 will also allow authentication via Kerberos
(provided by FreeIPA) to ensure that no one can gain access to anyone
else's NFS file-share.

IPAv2 will have support for centrally-managing autofs settings, but IPA
v1.2 currently does not (you can do it manually with direct LDAP tools,
but it might be just as easy to do with puppet-managed config files)

Having a built-in mechanism for setting up NFSv4 mounted home
directories (along with appropriate kerberos credentials) would be a
definite advantage for FreeIPA, so I'm going to make a recommendation
that we consider that for inclusion in the next version of FreeIPA (be
it 2.1 or 3.0). It's too late for feature creep in 2.0, though.

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/


Freeipa-users mailing list

Reply via email to