Etienne Goyer wrote: > More concretely, it would involve (on the "master" side) : > > - Setting up an LDAP directory, mostly for user authentication and NSS > - Setting up a DNS zone for the domain > - Generate a root CA, and a certificate for the master > - Generate a ssh authentication key pair > - Setting up a monitoring system > ... etc > > When a "client" is added to the "domain", it would involve : > > - Adding the client in the domain's DNS zone > - Generate a certificate for this client, and send it to the client > - Make PAM and NSS on the client use the LDAP directory > - Install root's ssh public key in the client's authorized_keys file > - Install on the client any agent required by the monitoring service > ... and so on
I'd just like to mention that I'd like to see kerberos added to to this basic setup; use ldap for NSS and Kerberos for authentication. I'd also be interested in participating in this project in any way possible.
signature.asc
Description: OpenPGP digital signature
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
