[et-mgmt-tools] Thoughts on Cobbler authorization/authentication and access levels in your organization?
Michael DeHaan
mdehaan at redhat.com
Mon Nov 26 21:51:18 UTC 2007
Jack Neely wrote:
> Michael,
>
> Here at NCSU I have an existing provisioning system that generates
> kickstarts based on a set of "keyword [value [value...]]" rules. We'd
> like to continue to use that as it works well for us...and it integrates
> with Cobbler well.
>
> So given that, admins already have the ability to control/alter their
> profiles in a defined way that scales well and lonely me can support.
>
> What I'd like from Cobbler is the ability for a select few admins (like
> me) to be able to setup all the bits to make Cobbler distros/profiles
> etc. work.
>
> Normal admins should be able to associate a MAC address with a profile
> and remove said MAC. Actually, it would be great if an admin could
> associate a hostname/IP address with a profile and Cobbler would run a
> plugin to translate that into a MAC.
>
One of the things I thought about doing was creating a simpler page to
just edit a systems mapping.
Login would work as before, but the page could be as simple as what you
mentioned above, a dropbox,
and an ok button. CLI equivalents should work too...
> Groups of admins as well. Any admin can modify MAC->profile of any
> other admin provided both are in the same group.
>
> Authentication via kerberos (PAM probably) authorization done by auto
> generated groups of admins (a plugin)?
>
Sounds reasonable.
> Okay...some half-baked ideas about how I see a workflow here. If you
> have questions please feel free.
>
Thanks! I've got some good feedback so far, so I'll try to summarize
findings/plans shortly.
If anyone else wants to share their thoughts on how they'd ideally like
their site to work, please do.
> Jack Neely
>
More information about the et-mgmt-tools
mailing list