Alex Mauer wrote:
Etienne Goyer wrote:
More concretely, it would involve (on the "master" side) :
- Setting up an LDAP directory, mostly for user authentication and NSS
- Setting up a DNS zone for the domain
- Generate a root CA, and a certificate for the master
- Generate a ssh authentication key pair
- Setting up a monitoring system
... etc
When a "client" is added to the "domain", it would involve :
- Adding the client in the domain's DNS zone
- Generate a certificate for this client, and send it to the client
- Make PAM and NSS on the client use the LDAP directory
- Install root's ssh public key in the client's authorized_keys file
- Install on the client any agent required by the monitoring service
... and so on
I'd just like to mention that I'd like to see kerberos added to to this
basic setup; use ldap for NSS and Kerberos for authentication. I'd also
be interested in participating in this project in any way possible.
time for a wiki page. fire it up.
--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
