Re: Idea for a spec

Alex Mauer wrote:
> Etienne Goyer wrote:
>
>   
> > More concretely, it would involve (on the "master" side) :
> >
> > - Setting up an LDAP directory, mostly for user authentication and NSS
> > - Setting up a DNS zone for the domain
> > - Generate a root CA, and a certificate for the master
> > - Generate a ssh authentication key pair
> > - Setting up a monitoring system
> >  ... etc
> >
> > When a "client" is added to the "domain", it would involve :
> >
> > - Adding the client in the domain's DNS zone
> > - Generate a certificate for this client, and send it to the client
> > - Make PAM and NSS on the client use the LDAP directory
> > - Install root's ssh public key in the client's authorized_keys file
> > - Install on the client any agent required by the monitoring service
> >  ... and so on
> >     
> I'd just like to mention that I'd like to see kerberos added to to this
> basic setup; use ldap for NSS and Kerberos for authentication.  I'd also
> be interested in participating in this project in any way possible.
>
>   
time for a wiki page.   fire it up.