Re: Coworkers for myLinux project

From: Michael Oberg (googlegroups_at_mylinuxproject.de)
Date: 11/28/03


Date: 28 Nov 2003 10:54:38 -0800

At the request of Michael Tobler, the first poster, I have translated
and extended the list of goals/tasks of my website.

First step should be the translation. Second, as I have mentioned
already, I would gladly accept help with the organization of the project
itself, that means creating a shared workplace at SourceForge or
somewhere else. I have no experience in open source projects except as
an onlooker. Because of limited resources it would be difficult to
create such a workplace in the network of the Fourier Information Ltd,
the momentary hoster.

Third, the technical requirements. The first one, the integration of
virus scanners, is my own task, because this is a requirement of two
of my customers and has to be fulfilled fast.

For fast creation and deletion of users I have written a usermanager
in Perl. This usermanager creates LDAP entries for Linux and Samba, a
Cyrus IMAPD mailbox, a sendmail alias in LDAP, and the home directory
like the classic useradd command. It synchronizes Windows and Linux
passwords using the "add user script" directive of Samba, too. But
there are still several gaps. There is no synchronization towards
Samba if the normal passwd command is used; there are users in the
system which are not (smmsp, mysql) or only partially represented in
LDAP (root, cyrus), but such users could not be created using the
usermanager. (My customers are using Windows clients only.)

Last, there is no package which allows Linux clients to authenticate
against a myLinux server. This is part of another open problem: Linux
clients would need another network file system than NFS, which has no
real authentication. A better approach would be Coda or AFS.

The setup of myLinux automatically creates a root certificate for
the OpenSSL certificate authority as well as digitally signed
certificates for Apache, sendmail, Cyrus IMAPD and OpenLDAP, and it
exports the public key of the root certificate to Windows (DER
format). There were several requests to automatically create client
certificates in the usermanager, too. This would allow client
authentication without typing a password (which has to be configured,
too) and using encrypted emails (whereas the public keys would reside
in the LDAP address book).

Next problem is OpenLDAP itself. It does support only TLS encryption,
which is not supported by most mail clients. Therefore authentication
cannot be used by the mail clients - the passwords would be
transferred unencrypted. And therefore it is impossible to use LDAP
address books over the internet, or use varying access permissions for
different users. A possible solution is the use of stunnel.

Last, at the moment the setup supports only a "one machine
configuration". Whereas this is certainly the main purpose of the
myLinux server, it would be nice to support configurations where the
services could be spread over multiple myLinux servers and work
together using the same LDAP data source (alternatively by replication
or directly). This may be the least important request, because it is
possible to create such a configuration manually.

A request not mentioned on my website is documentation for the
myLinux administrators. This may be a task too.
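
The certificate handling described in the post (a root CA, a DER export of the root certificate for Windows, and per-user client certificates) can be sketched with the openssl command line. This is an added example, not part of the original post and not myLinux code; the function names, the file pki.cnf, the subject fields and the allowed user-name pattern are assumptions.

```shell
#!/bin/sh
# Added example, not myLinux code. Function names, pki.cnf, subjects: hypothetical.

# write_cnf DIR: minimal OpenSSL config, so the result does not depend on
# the system-wide openssl.cnf.
write_cnf() {
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Org
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth,emailProtection
EOF
}

# make_root_ca DIR: self-signed root plus a DER copy of the certificate
# (public part only) for import on Windows clients.
make_root_ca() {
    mkdir -p "$1" && chmod 700 "$1" && write_cnf "$1" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/pki.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" \
        2>/dev/null || return 1
    chmod 600 "$1/ca.key"
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
}

# issue_client_cert DIR USER: key, CSR and a one-year certificate limited to
# client authentication and e-mail protection. Returns 2 on an unsafe user name.
issue_client_cert() {
    case $2 in ''|*[!a-z0-9_-]*) return 2 ;; esac
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    chmod 600 "$1/$2.key"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 \
        -extfile "$1/pki.cnf" -extensions client \
        -out "$1/$2.pem" 2>/dev/null || return 1
    openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/$2.pem"
}
```

Calling `make_root_ca /some/dir` once and `issue_client_cert /some/dir jdoe` per user leaves `ca.der` for the Windows import and `jdoe.pem` for publication in the directory; the user name check keeps a crafted name from adding fields to the certificate subject.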


