Make Ubuntu authenticate against Network Authentication services

Registered by Reinhard Tartler

There are many different kinds of network authentication in use today. Ubuntu should be easily configured to use any of these out of the box, without asking any questions for the default local configuration. In order to accomplish this, there should be a single utility, similar to Fedora's authconfig, that interfaces with package-specific configuration scripts. Specifically, OpenLDAP and Active Directory should be supported.

Implementing client support to give us the ability to be easily or automatically be deployed inside of existing enterprises running existing directory services, such as Active Directory, can establish Ubuntu inside organizations in which we were previously unable to be. Some organizational and auditing policies mandate infrastructure being consider integrate into existing authentication systems, both for management and for security reasons. Communication of passwords and authentication to network services need to be protected by strong encrypted communication and authentication mechanisms.

Implementation of basic server side infrastructure can place us in a position to compete against other complete offerings such as Microsoft's Small Business Server. With this offering we can establish ourselves in small or startup companies. As those companies grow overtime we can ride on their success and expand our offerings based on user feedback to satisfy them as they grow into larger enterprises.

Blueprint information

Needs approval
Series goal:
Slow progress
Milestone target:
Started by
Rick Clark


Updated spec URL, added in the text from UDS

2007-01-31 kamion: Approved (as it stands, it's relatively simple), but you're going to have to get a move on! authtool doesn't seem to have made any progress since September, and Samba 3.0.24 hasn't been released yet which may prove to be a blocker. Please keep me updated. Also, is the "30 days" time estimate still accurate?

2007-02-31 svg: as laptops are becoming ubiquitious, it would be important to make configuration as such that som form of caching is involved (ldap cache, sync to local passwd, ..?) such that user is able to log in when not connected to the corporate network

2009-04-30 ro: @svg: LDAP Cached Credentials solves these problems in a quite elegant manner. So no problem here.


Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.