On Sat, Mar 22, 2008 at 4:11 AM, Marten Vijn <[EMAIL PROTECTED]> wrote: > On Sat, 2008-03-22 at 00:52 -0400, John Watlington wrote: > > PHP security is viewed as less than acceptable for interfaces > > accessible from the open Internet. > > (The words of our security architect, which I see no reason to doubt.) > > It is viewed as barely acceptible for interfaces which can only be > > accessed from within the school. > > > > Should the configuration interface should also be available on the > > WAN interface ? > > My opinion is yes. > > 1. or use a vpn/ssh to access it. > avoiding thing i see right now on port 22 (over 1200 attempts per > weekend)
> 2 more: > - we could use something like puppet as backend and add nessesciary > modules. https://reductivelabs.com/ Many of the services that would be used are already LDAP aware. How about adopting FDS ( http://directory.fedoraproject.org ) for the backend? The nice thing about that is you can then use the command line tools, the web gui, or a full blown "fat" client to twiddle objects in the directory. Need to add a student? just add a student object, and email, homedir (storage), jabber, SIP and all their other services become available to them. As long as an attribute exists for what you need to do, you can populate it with the information you need. If you need more, you can extend the schema to add it too. No more need for a "front end". Much of the "system" config can also be stuffed into your directory too. Not all, but perhaps enough that the more advanced configuration taks can be left for ssh and vi. Up side is that it will scale. Down side is that you do have a bit more overhead to run the directory server. Completely off base? or worth a thought? _______________________________________________ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel