[et-mgmt-tools] Thoughts on Cobbler authorization/authentication and access levels in your organization?
Jack Neely
jjneely at ncsu.edu
Mon Nov 26 20:57:12 UTC 2007
Michael,
Here at NCSU I have an existing provisioning system that generates
kickstarts based on a set of "keyword [value [value...]]" rules. We'd
like to continue to use that as it works well for us...and it integrates
with Cobbler well.
So given that, admins already have the ability to control/alter their
profiles in a defined way that scales well and lonely me can support.
What I'd like from Cobbler is the ability for a select few admins (like
me) to be able to setup all the bits to make Cobbler distros/profiles
etc. work.
Normal admins should be able to associate a MAC address with a profile
and remove said MAC. Actually, it would be great if an admin could
associate a hostname/IP address with a profile and Cobbler would run a
plugin to translate that into a MAC.
Groups of admins as well. Any admin can modify MAC->profile of any
other admin provided both are in the same group.
Authentication via kerberos (PAM probably) authorization done by auto
generated groups of admins (a plugin)?
Okay...some half-baked ideas about how I see a workflow here. If you
have questions please feel free.
Jack Neely
--
Jack Neely <jjneely at ncsu.edu>
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4 EA6B 213B 765F 3B6A 5B89
More information about the et-mgmt-tools
mailing list