Make Ubuntu authenticate against Network Authentication services
There are many different kinds of network authentication in use today. Ubuntu should be easily configured to use any of these out of the box, without asking any questions for the default local configuration. In order to accomplish this, there should be a single utility, similar to Fedora's authconfig, that interfaces with package-specific configuration scripts. Specifically, OpenLDAP and Active Directory should be supported.
Implementing client support to give us the ability to be easily or automatically be deployed inside of existing enterprises running existing directory services, such as Active Directory, can establish Ubuntu inside organizations in which we were previously unable to be. Some organizational and auditing policies mandate infrastructure being consider integrate into existing authentication systems, both for management and for security reasons. Communication of passwords and authentication to network services need to be protected by strong encrypted communication and authentication mechanisms.
Implementation of basic server side infrastructure can place us in a position to compete against other complete offerings such as Microsoft's Small Business Server. With this offering we can establish ourselves in small or startup companies. As those companies grow overtime we can ride on their success and expand our offerings based on user feedback to satisfy them as they grow into larger enterprises.
- Needs approval
- Series goal:
- Slow progress
- Milestone target:
- Started by
- Rick Clark on 2008-07-10
- Completed by
Updated spec URL, added in the text from UDS
2007-01-31 kamion: Approved (as it stands, it's relatively simple), but you're going to have to get a move on! authtool doesn't seem to have made any progress since September, and Samba 3.0.24 hasn't been released yet which may prove to be a blocker. Please keep me updated. Also, is the "30 days" time estimate still accurate?
2007-02-31 svg: as laptops are becoming ubiquitious, it would be important to make configuration as such that som form of caching is involved (ldap cache, sync to local passwd, ..?) such that user is able to log in when not connected to the corporate network
2009-04-30 ro: @svg: LDAP Cached Credentials solves these problems in a quite elegant manner. So no problem here.
* Blueprints in grey have been implemented.