Launchpad.net

Blueprints

29 blueprint(s) matching “kerberos”

This spec covers specific QA areas for the ARM server image. Spec URL is https://wiki.ubuntu.com/Specs/ARM/ServerImageValidationAndQA (shared by ServerImageValidationAndQA spec)
Kerberos Integration for BU-Ubuntu
Authentication needs to be integrated with the BU kerberos system.
NIS support for BU-Ubuntu
Kenmore runs an NIS server which manages all the CNS user accounts. This is used to manage authorization lists for specific machines on the CNS network, with passwords coming from Kerberos.
During Oneiric, we validated server functionality on ARM over a large set of workloads. As we move from Panda to real hardware, we need to revalidate in precise. Spec URL: https://wiki.ubuntu.com/Specs/ARM/ServerImageValidationAndQA
tpm-tools is an important feature in the enterprise from secure boot to 802.1x network authentication.
The next step to enhance Trafodion security is to seamlessly integrate within theSecure Hadoop eco-system. Trafodion is installed on top of the Hadoop and supports authentication through OpenLDAP and authorization through Trafodion; however, Hadoop, by itself runs in a non-secure mode. This blueprint defines a ta...
what kind of architecture for the directory? what kind of services should be provided by the directory infrastructure? which component should be used to provide each service? 1. authentification: kerberos to provide SSO. Kerberos requirements: dns+ntp+dhcp infrastructure. Liberty alliance? 2. data storage: centrali...
Rationale: During Ubuntu precise, packages for hadoop, hbase, hive, zookeeper and pig where delivered via PPA for use in associated charms which are now avaliable in the charm store for Ubuntu 12.04. This work needs to be continued to provide support for new versions of hadoop (and family) and to add new features ...
The spec describes a basic LDAP directory service for Ubuntu.
Applications in main that initiate outbound network connections to servers should support native Kerberos authentication. These applications should be audited and have bugs filed against them. If the protocols use SASL, our work is done for us. If not, coordination with upstream should happen to make these applicati...
Software in Ubuntu that runs as a services should be audited for Kerberization. Enhancement bugs should be attached to servers which do not properly support Kerberos and attached to this spec.
Get out-of-the-box support for OpenAFS (and by extension Kerberos5, which OpenAFS depends upon). OpenAFS is a free distributed filesystem; its home page is http://www.openafs.org/.
Currently, the client sends a Kerberos TGT received from Kerberos Server. In this case, the client has to be part of Kerberos domain. To support client residing outside domain, we need code changes for: - gleaning account, user and key from request - running kinit against the username and password
Samba can be used as a domain controller but configuring such a beast is really hard work. A general network services appliance preconfigured as a drop in replacement for a windows domain controller and general authentication server would be really useful. Notes/discussion on wiki whiteboard (specification).
Coil for Twisted
Twisted applications should be easily configurable by system administrators. For example, a system administrator should be able to deploy a chat server and configure it to use kerberos for authentication. The user interface for this configuration should be uniform across all Twisted applications. It should be pro...
Could the Ubuntu Enterprise Cloud provide centralized services for AAAAAA? Authentication: all users using applications deployed in the cloud are centrally managed Authorization: authorization are centrally managed, deployed applications define which roles/permissions they provide to the authorization services, adm...
how can service X leverage a directory infrastructure? what kind of functionality could be centralized? what type of information can be centralized? which tools currently exist to manage that information? List of services to look at: ntp kerberos dns dhcp ldap email search printing sending email (smtp) receiving em...
What do we need this for? ---------------------------------- - as a pre-requisite for authorization; we need to get rid of the read-only and read-write ports, and track privileges based on the connection identity - user limits (limit memory consumed by a user) - managed Tarantool hosting: we want to be able to open ...
Zentyal Server is able to provide configuration deployment and management for typical services on a Edubuntu server: HTTP proxy with content-filtering, LDAP and Kerberos or LTSP thin clients. Zentyal Desktop allows to configure these services on the terminals including authentication and session profiles. Explore ...
We should have a recommended way to easily add a machine to an AD domain (other common scenarios as well. Ex: Zentyal). It should "just work". Password expiration (&notifications), changing AD passwords, lightdm set to allow logins when joined. We may also want to consider: dropping/upgrades from likewise-open,...
FWaaS is a repository for storing and applying security rules to permit or deny network access. Rules should be able to be validated and accepted or rejected based on security policy. Since Congress is the engine for policy validation, work to link FWaaS and Congress. Ideally, Congress would perform two actions: ...
Document library usage for keystoneauth
Several documentation parts are missing, we need to fill the gaps to cover all keystoneauth features. stevemar: at first glance it seems like we're missing: - docs on auth plugins (like saml, openidconnect and kerberos) - docs on token_endpoint - a page that explains how to easily transition from keystoneclie...
Currently, Fuel cannot provision Samba Active Directory (AD LDAP database, Kerberos realm) and switch Keystone to use it. Enterprise customers would like to integrate OpenStack with their enterprise wide Active Directory environment in more 'native' way. This scenario has the following advantages over 'classical' L...
LDAP Out-of-the-box for Ubuntu
Getting LDAP up and running on multiple machines with minimal effort (server or client). The Ubuntu server team has been doing a fantastic job with the authtool, but it can work even better if the UI is extremely clear, and makes deploying an LDAP server simple.
Libuser may need either kerberos or LDAP support to integrate with the BU authentication system.
User and certificate management is currently done solely via the web interface of eucalyptus. Password use there cannot be the same as on the rest of the systems in an enterprise, accounts have to be recreated manually, existing x509 architechture cannot be used. Making the managegement of user and certificate use...
In BU-Linux, using sudo cuts off NFS access, which also breaks X-windows. This may or may not be solveable, but needs investigation in the context of kerberos and NFS integration.
Issue: - putting credentials into environment variables encourages non secure behavior such as putting credentials in a clear text file and and loading them via .bashrc or similar at login time. This is particularly problematic if swift authentication is integrated with the corporate ActiveDirectory / LDAP authenti...
Ubuntu has a very strong desktop product, but to deploy it in any organisation we need a directory service of some kind. The most likely candidate is OpenLDAP and Kerberos with some management tools (frontends, debconf, webpages). This would eliminate the need to custom build a system or to go outside Ubuntu (like...