I spent the beginning of the Week trying to get the Cern CA to work on all machines. This was not as easy as I thought it would be, but now I have a rpm package that can be install and that will verify the certificates I get from the Active Directory Server. This will avoid man in the middle attacks. Further I extended ncm-authconfig to automatically modify /etc/ldap.conf to what I need it to be. While doing this I did some general module cleanup and added 13 new tpl options. After some testing I can now happily say that the Linux machines will securely, essentially authenticate against an AD server and use Quattor to configure themselves. Further I attended another group meeting.
One other big problem was that the AD server only returns 1024 entries, but this is of course not the total user number. So when I call getpwent it will only return the first 1024 entries and forget about 21086 users. I solved this through trying to get '--enable-paged-results' added to the spec file as compile option. But this will have to be done by red hat. I suppose this is going to take some time, till this goes upstream. But getpwent should not be used anyway :). Further I updated my passwd and group create script to acquire for this and enable paging in ldapseatch '-E pr=2000/noprompt'. Maybe a little off topic I am going to LinuxTag, Europe's leading exhibition on Linux and Open Source from May 28 - 31, 2008 at Berlin's Messezentrum unter dem Funkturm. So if you want to join should be good fun.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment