Re: gconfd, multiple concurrent logins, orbit, pain



> 
> How would you do authentication? (From a user login to this server?)
> 
> Is it OK to require that all users have an account on the server
> (perhaps with no login shell)? Certainly the server has to have some
> concept of users (or all users could see each other's data going by),
> so if it doesn't use the system user database we'd need some
> server-specific one right?

Something like cyrus does not require user accounts. But it has a very
definite sense of what stuff belongs to any given user.

What about something that supports Kerberos? That way they could
(potentially) use the Kerberos ticket they got at login to auth w/o
typing in their password.

Alternatively, you could push this into gdm - so it attempts to log them
in AND get their config-server password.

I.e., a gdm option: config server - and it attempts to auth to there,
using the current username and password. It would probably mean a
consistent username combo but it could be made to work w/o too much
trouble.

Arguably if the config server is down the client is not going to be
terribly useful.
It would be useful to have a "disconnected mode" so that it would do a
normal auth when you login at gdm instead of checking with the config
server.

If the user is not using gdm or starting up from a console then just
having the client prompt for a password would work.
On the server side having the server use PAM to figure out what it
should auth against should be fine, I'd think.

Just rough ideas, I don't know how wise any of those are w/o giving it
some more thought and talking to some folks who are wiser in the ways of
authentication security than me. :)

> I'm very interested in addressing this problem, so I'm glad to get
> feedback. If you ever get bored and want to list some suggestions in
> more detail I'd love to see it. (So far, I've focused on sharing user
> preferences among machines, but there's other kinds of state...)
> 

Mostly I am interested in being able to mandate certain things in the
user's config with relative ease. At the moment the gconf
required-options is not terribly intuitive or documented so it's hard for
me to sort out how to set options globally that cannot be changed. I am
thinking of something like a pine.conf.fixed or mandatory policies from
WinNT/2K.

Also, if we're going to have a registry (more or less) in the form of
the gconf/gconfd it might be worthwhile to have a graphical regedit.

If there is one and I've not heard about it/found it then PLEASE let me
know. It would be nice to have the user be able to edit their settings
w/o having to enter the program. Especially if a setting accidentally
makes a program unusable. 

Nitpicky but - nautilus needs to have a [special dirs] option like gmc
had. I would rather that nautilus NOT try to traverse /afs when it runs.
This is more an RFE - but it's useful in places using lots of automounts.
Teach nautilus about autofs, so that it sees that the dir is an
automounted point and grabs the map and puts the top level of dirs in a
folder for easy browsing for the user. I know Sun has made
tab-completion possible in bash for their mounter. So something like
this should be do-able.

A nice way of sucking out a user's config into a tarball or a single file
would be incredibly handy. If the config-server had the data in an LDAP
server then you could, theoretically, yank the data out in an LDIF and
be able to reupload it to wherever you want, if you wanted to copy the
info, easily to a different config-server.
LDAP could also buy you SOME amount of replication ease so you don't
beat up the config server too much if you have A LOT of users.

Those are a few things off the top of my head.
-sv

