pkgsrc is a very flexible package management system. It provides a comprehensible framework to build, test, deploy, and maintain software in its original form (with porter/packager modifications where applicable) as well as with site-local modifications and customizations. All this makes pkgsrc suitable for use in diverse environments ranging from small companies up to large enterprises.
While pkgsrc already contains most elements needed to build an authentication server (or an authentication server failover pair), installing one requires considerable knowledge about the necessary elements. In addition, the correct configuration, while in most cases pretty much identical, is tedious and not without pitfalls.
The goal of this project is to create a meta-package that will deploy and pre-configure an authentication server suitable for a single sign-on infrastructure.
Necessary tasks: provide missing packages, provide packages for initial configuration, package or create corresponding tools to manage user accounts, and write documentation.
The following topics should be covered:
- PAM integration with OpenLDAP and DBMS;
- Samba with PAM, DBMS and directory integration;
- Kerberos setup;
- OpenLDAP replication;
- DBMS (PostgreSQL is a must, MySQL optional, if time permits), replication (master-master, if possible);
- DNS server with a sane basic dynamic DNS update config using directory and database backend;
- user account management tools (web interface, command line interface, see user(8) manual page, perhaps some scripting interface);
- configuration examples for integration of services (web services, mail, instant messaging, PAM is a must, DBMS and directory optional).
All covered services should be documented. In particular, the documentation should include:
- initial deployment instructions;
- a sample configuration for a reasonably simple case;
- instructions on how to test whether the software works;
- references to full documentation and troubleshooting instructions (if any), both of which should be provided on-site (i.e. it should be possible to have everything available given a pkgsrc snapshot and corresponding distfiles and/or packages on physical media).
In a nutshell, the goal of the project is to make it possible for a qualified system administrator to deploy a basic service (without accounts) with a single pkg_add.