Antivirus in FC3?

Craig White craigwhite at azapple.com
Sat Mar 26 00:09:54 UTC 2005 

On Fri, 2005-03-25 at 16:33 -0500, Johnathan Bailes wrote:

> Vision is terribly important but a few people here have made the
> obvious declaration that a number of complex tasks in Linux have been
> scripted, automated and configured for the use of guis.
> 
> Considering the work the "competitors" over at Suse have done with
> yast tools for setting up ldap, and samba and such it should seem to
> be a kick in the butt for RH and the Fedora community.  But then
> again, if you use that you have to worry about Suseconfig hosing your
> manual settings in the background so it ain't worth it.
> 
> But come one RH tools at least the ones I have used tend to do things
> right like just adding stuff to the bottom of a config and not
> completely erasing your manual settings.
> 
> What is needed for a full OpenLdap, Kerberos, Samba (OpenDirectory)
> style solution?
> 
> Just two things.
> 
> 1)  Setup druid -- Automatically yum installs any needed packages you
> don't have installed and run through the initial configuration of
> making a linux "domain" with secure authentication and samba sharing
> of directories all in one shot.
> 
> 2)  Directory Administrator -- available already at  
> http://diradmin.open-it.org/index.php for initial setup of users and
> the conitnued maintenance of LDAP.
> 
> It seems like half the battle is in essence already won.
> 
> All we need is the setup part for the complete package.  
> 
> I love my command line but something this large and complex begs for
> the kinds of scripts and a solution like I just mentioned above.
> 
> This kind of we can do without a gui or in Sun's case with NIS+ we
> won't make a gui until its too late and try to charge for it kind of
> thinking that is fine for the old-timer BOFH but kills the newb.
> 
> Come on, if frickin' Apple can do an OpenDirectory solution then
> RedHat and Fedora can.  Half the stuff Apple uses if opensource stuff
> with a cute gui in front.
----
I actually was gonna mention OpenDirectory earlier in the thread but
that just seemed to be off at another end of the spectrum.

I played with 'Directory Administrator' when I first set up LDAP - it
didn't support samba 3 schema (perhaps they have updated it) - it was a
bitch to get installed (all of the GTK libraries and stuff), and though
it was pretty and visual, I found a better path - webmin.

SuSE isn't the issue - Microsoft has a fairly complete implementation of
LDAP/kerberos/Windows SAM stuff and you can shoehorn in the Posix stuff
if you figure it out.

OpenDirectory isn't a complete implementation...neither is SuSE's - just
a basic setup that doesn't have value to experienced administrators. If
you want to use either for mail aliases (which I do to get rid of
stupid /etc/alias & /etc/mail/virtusertable editing), mail routing,
personal address books (there clearly is no standard schema here - every
mail & address book has their own concept), autofs, certificates, or any
of the things that really represent decent LDAP integration, those tools
are all out the window.

Red Hat doesn't even distribute a Kerberos that really works with AD -
so a full implementation isn't even possible at the present. 

Red Hat has a TON of RHEL users that have been using 2.0.27 that won't
be able to migrate to 2.2.13 (RHEL-4/FC-3) because of structural object
classes. Samba just released 3.0.12 (stable - but has some noted bugs
and 3.0.13 is on the way) that just changed the samba.schema (again) -
Then to top it off, openldap-2.2 is pretty much on the way out, feature
frozen, no changes except bug fixes at this point - openldap-2.3 is well
into beta and the first stable 2.4 version can't be too far out now.

It's a great concept to make a 'user friendly' LDAP base setup but it
has so many pitfalls, that it seems that it would engender more angst
than satisfaction.

If what you want is an incomplete LDAP solution bundled into RHEL or
Fedora (if Fedora is the testing ground, is anything like this in Fedora
4 test 1?) - shouldn't there be some discussion of this not here but in
Fedora-development list or RHEL development list?

Craig

More information about the fedora-list mailing list