On 06/03/2013 09:07 PM, Adam Williamson wrote:
We all know what devel@ does best, so let's fire up the power of the
bikeshedding machine :)
We had https://bugzilla.redhat.com/show_bug.cgi?id=965883 on the list of
release blocker candidates that we evaluated at the blocker review
meeting this morning. Attendance at blocker reviews is pretty spotty
these days (please, people, come out and feel in a position of ABSOLUTE
POWER), and no-one present felt like they were a huge expert on typical
remote authentication use cases, so we really didn't feel qualified to
make a call on this one.
As things stand, in Fedora 19, it's basically impossible to configure
remote authentication from the install/firstboot process. If you want to
use remote auth, you'd have to create a local user first and then do it
using whatever tools are available. anaconda / initial-setup has a
button for "Use network login..." on its 'user creation' spoke which
ought to be where you configure remote auth, but right now it does
precisely nothing at all.
Whether this is a blocker or not comes down to a judgement call, because
it hinges on whether this is a significant inconvenience for a large
enough number of users. So we need to know from people who use Fedora in
remote auth environments whether it's a big problem not to be able to
set it up at install / firstboot time, or whether you'd be okay with
creating a local user to get through initial-setup and then configuring
remote auth from that local account.
For what it's worth, remote authentication is increasingly important
where I sit, so everything that makes it easier to set up is welcome. As
of now, my cheat sheet for older Fedoras and RHEL is several pages long
and involves manual reconfiguration of samba/winbind, kerberos and pam
modules--but I haven't tried to do it in F19 yet, either way. What keeps
bugging me is that the whole lashup is fragile and involves magic
('winbind crashed with no error messages; restart it; oops crashed
again; restart samba maybe; YAY, success, don't touch anything')
I would be tickled pink if it's a more supported workflow now. I will
check it out and file bugs or kudos, depending on the outcome.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
