[et-mgmt-tools] Re: Cobbler kerberos support testing (& other 1.0 notes/ramblings)
Robin Bowes
robin-lists at robinbowes.com
Wed Apr 16 00:25:03 UTC 2008
Michael DeHaan wrote:
> We've also talked about doing LDAP authorization in addition to
> authentication for a future release --f or those who want to control
> ownership but don't want to use the config file).
I'd be very interested in this sort of thing.
One use-case I'm thinking about is for an ISP with several clients
allowing each client to use cobbler to do their own installs. Of course,
this would require a further degree of privacy, i.e. it would be
necessary to prevent client A seeing anything belonging to Client B, and
vice versa. Some things should be viewable (read-only) to all, e.g. a
standard RHEL5 profile. Clients could perhaps copy a read-only profile
to their own custom profile and modify it as required.
Of course, another option is to restrict cobbler access to ISP employees
thus eliminating the need for strict partitioning.
Anyway, the LDAP authorisation sounds like interesting stuff - I
certainly wouldn't want to have to maintain an LDAP directory for
authentication, then manually edit a file to control authorisation.
Cheers,
R.
More information about the et-mgmt-tools
mailing list