Re: [CentOS-docs] New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
Ok - so holding the article on the inclusion of SSL/TLS - I'll update this group once I've got that information. I also want to include access controls in the final document since it is an authentication server. Regarding sssd - I wouldn't hold the document for this. I've just been doing some reading on the subject. Even if it is "deployed", that doesn't mean it is configured or started. It looks like authconfig handles the vast majority of the work involved in authentication configuration in CentOS. I'm assuming anyone who wants to use sssd will know how to alter the authconfig to allow that. If not, it can be reviewed in a different HOWTO. -Adrian -- Adrian Hall (Personal Account) photoadr...@gmail.com On Tue, Sep 13, 2011 at 2:57 PM, Paul Heinlein wrote: > On Tue, 13 Sep 2011, Adrian Hall wrote: > > > I'm totally with you on the SSL/TLS. I've been swearing at that > > particular element for over two weeks now. Since there is no > > slapd.conf any more, the method of introducing a certificate is not > > logical, nor documented. > > Heh. To date, I've only setup CentOS 6 as an LDAP client. All my LDAP > servers run CentOS 5. > > > I haven't looked into sssd. Since it isn't installed by default on > > CentOS, why would that be a requirement? (not saying it isn't a > > good thing, but I'd probably defer that to another document as with > > the other elements you suggested) > > Concerning sssd, CentOS 6 kickstart will install and activate it if > you specify installation of the "Directory Client" package group. > Since that group looks like something that folks might want to install > on LDAP clients, I suspect it'll be more widely deployed than you > think. > > -- > Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs > ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
On Tue, 13 Sep 2011, Adrian Hall wrote: > I'm totally with you on the SSL/TLS. I've been swearing at that > particular element for over two weeks now. Since there is no > slapd.conf any more, the method of introducing a certificate is not > logical, nor documented. Heh. To date, I've only setup CentOS 6 as an LDAP client. All my LDAP servers run CentOS 5. > I haven't looked into sssd. Since it isn't installed by default on > CentOS, why would that be a requirement? (not saying it isn't a > good thing, but I'd probably defer that to another document as with > the other elements you suggested) Concerning sssd, CentOS 6 kickstart will install and activate it if you specify installation of the "Directory Client" package group. Since that group looks like something that folks might want to install on LDAP clients, I suspect it'll be more widely deployed than you think. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
I'm totally with you on the SSL/TLS. I've been swearing at that particular element for over two weeks now. Since there is no slapd.conf any more, the method of introducing a certificate is not logical, nor documented. I haven't looked into sssd. Since it isn't installed by default on CentOS, why would that be a requirement? (not saying it isn't a good thing, but I'd probably defer that to another document as with the other elements you suggested) -- Adrian Hall (Personal Account) photoadr...@gmail.com On Tue, Sep 13, 2011 at 2:27 PM, Paul Heinlein wrote: > On Tue, 13 Sep 2011, Adrian Hall wrote: > > > http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth > > I would suggest it goes into the HOWTO section. > > Things I'd recommend adding to the discussion before official > publication of the page: > > * sssd and ldap > * SSL/TLS > > Of slightly less immediate importance, but worthy of inclusion further > down the road: > > * master-slave ldap setup and failover on the clients > * ldap and samba for windows auth > * pointers to using ldap auth for, e.g., apache, jabber, sendmail, ... > * central user accounts and NFSv4 > > -- > Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs > ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
On Tue, 13 Sep 2011, Adrian Hall wrote: > http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth > I would suggest it goes into the HOWTO section. Things I'd recommend adding to the discussion before official publication of the page: * sssd and ldap * SSL/TLS Of slightly less immediate importance, but worthy of inclusion further down the road: * master-slave ldap setup and failover on the clients * ldap and samba for windows auth * pointers to using ldap auth for, e.g., apache, jabber, sendmail, ... * central user accounts and NFSv4 -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] New HOWTO Proposal: How to Configure Centralized Authentication on CentOS 6.0
http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth I would suggest it goes into the HOWTO section. -- Adrian Hall (Personal Account) photoadr...@gmail.com ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] HOWTO: Configure a CentOS 6 Network Install Server - on my home page wiki
Thanks Phil - all excellent suggestions. I will adjust within the next hour. -- Adrian Hall (Personal Account) photoadr...@gmail.com On Tue, Sep 13, 2011 at 12:44 PM, Phil Schaffner < philip.r.schaff...@nasa.gov> wrote: > Adrian Hall wrote on 09/13/2011 02:24 PM: > > http://wiki.centos.org/AdrianHall/NetworkInstallServer > > > > I would suggest it goes into the HOWTO list. > > > > Looks very complete. Without testing the procedure, I will offer a few > minor suggestions and comments. > > 1. The preferred method for becoming root is usually "su -". A user > will not have sudo access by default. You might want to link to > http://wiki.centos.org/TipsAndTricks/BecomingRoot > > 2. On the rsync command I would use "-aH" or "--archive --hard-link" to > save space by preserving hard links. > > 3. There are some syntax problems with the code "{{{ ... }}}" structure > in the menu section. > > Phil > > > ___ > CentOS-docs mailing list > CentOS-docs@centos.org > http://lists.centos.org/mailman/listinfo/centos-docs > ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] HOWTO: Configure a CentOS 6 Network Install Server - on my home page wiki
Adrian Hall wrote on 09/13/2011 02:24 PM: > http://wiki.centos.org/AdrianHall/NetworkInstallServer > > I would suggest it goes into the HOWTO list. > Looks very complete. Without testing the procedure, I will offer a few minor suggestions and comments. 1. The preferred method for becoming root is usually "su -". A user will not have sudo access by default. You might want to link to http://wiki.centos.org/TipsAndTricks/BecomingRoot 2. On the rsync command I would use "-aH" or "--archive --hard-link" to save space by preserving hard links. 3. There are some syntax problems with the code "{{{ ... }}}" structure in the menu section. Phil ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] HOWTO: Configure a CentOS 6 Network Install Server - on my home page wiki
http://wiki.centos.org/AdrianHall/NetworkInstallServer I would suggest it goes into the HOWTO list. -- Adrian Hall (Personal Account) photoadr...@gmail.com ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs