[et-mgmt-tools] Thoughts on Cobbler authorization/authentication and access levels in your organization?

Aaron Lippold lippold at gmail.com
Tue Nov 27 07:49:12 UTC 2007 

Hi,

One of the features that would be good would be the abllity to
intagrate with NSS. Fedora / RedHat Directory server etc. I think
looking at mod_nss and the already existing pam, pam_pkcs11 etc would
really expand overall enterprise usage, at least for my use. I think
that usage of PAM, NSS, kerberos would provide a good baseline for the
largest set of use cases. Just my thoughts.

Yours,

Aaron

On Nov 26, 2007 4:51 PM, Michael DeHaan <mdehaan at redhat.com> wrote:
> Jack Neely wrote:
> > Michael,
> >
> > Here at NCSU I have an existing provisioning system that generates
> > kickstarts based on a set of "keyword [value [value...]]" rules.  We'd
> > like to continue to use that as it works well for us...and it integrates
> > with Cobbler well.
> >
> > So given that, admins already have the ability to control/alter their
> > profiles in a defined way that scales well and lonely me can support.
> >
> > What I'd like from Cobbler is the ability for a select few admins (like
> > me) to be able to setup all the bits to make Cobbler distros/profiles
> > etc. work.
> >
> > Normal admins should be able to associate a MAC address with a profile
> > and remove said MAC.  Actually, it would be great if an admin could
> > associate a hostname/IP address with a profile and Cobbler would run a
> > plugin to translate that into a MAC.
> >
>
> One of the things I thought about doing was creating a simpler page to
> just edit a systems mapping.
>
> Login would work as before, but the page could be as simple as what you
> mentioned above, a dropbox,
> and an ok button. CLI equivalents should work too...
> > Groups of admins as well.  Any admin can modify MAC->profile of any
> > other admin provided both are in the same group.
> >
> > Authentication via kerberos (PAM probably) authorization done by auto
> > generated groups of admins (a plugin)?
> >
> Sounds reasonable.
> > Okay...some half-baked ideas about how I see a workflow here.  If you
> > have questions please feel free.
> >
>
> Thanks! I've got some good feedback so far, so I'll try to summarize
> findings/plans shortly.
> If anyone else wants to share their thoughts on how they'd ideally like
> their site to work, please do.
> > Jack Neely
>
> >
>
> _______________________________________________
> et-mgmt-tools mailing list
> et-mgmt-tools at redhat.com
> https://www.redhat.com/mailman/listinfo/et-mgmt-tools
>

More information about the et-mgmt-tools mailing list