File:  [NetBSD Developer Wiki] / wikisrc / projects / project / sso.mdwn
Revision 1.1: download - view: text, annotated - select for diffs
Sun Nov 6 01:59:12 2011 UTC (2 years, 5 months ago) by jmmv
Branches: MAIN
CVS tags: HEAD
Move existing project definitions from projects/gsoc_2011/ to
projects/project/ .

The goal for this reorganization is to remove any knowledge of the projects
classification from the file hierarchy: the classification goes into tags,
and projects indexes automatically list projects based on such tags.

Also, the current gsoc_2011 name was wrong anyway, because GSoC 2011 has
already concluded and projects would have had to move to a gsoc_2012 directory

Lastly, yes, "projects/project/*" is slightly redundant.  But I want to keep
the project lists from the projects "database" clearly separated.

This is as proposed in www@.

[[!template id=project

title="Authentication server meta-package"


[Aleksej Saushev](

duration="3 months"

pkgsrc is a very flexible package management system. It provides a comprehensible framework to build, test, deploy, and maintain software in its original form (with porter/packager modifications where applicable) as well as with site local modifications and customizations. All this makes pkgsrc suitable to use in diverse environments ranging from small companies up to large enterprises.

While pkgsrc already contains most elements needed to build an authentication server (or an authentication server failover pair), in order to install one, considerable knowledge about the neccessary elements is needed, plus the correct configuration, while in most cases pretty much identical, is tedious and not without pitfalls.

The goal of this project is to create a meta-package that will deploy and pre-configure an authentication server suitable for a single sign-on infrastructure.

Necessary tasks: provide missing packages, provide packages for initial configuration, package or create corresponding tools to manage user accounts, document.

The following topics should be covered:

* PAM integration with OpenLDAP and DBMS;
* Samba with PAM, DBMS and directory integration;
* Kerberos setup;
* OpenLDAP replication;
* DBMS (PostgreSQL is a must, MySQL optional, if time permits), replication (master-master, if possible);
* DNS server with a sane basic dynamic DNS update config using directory and database backend;
* user account management tools (web interface, command line interface, see user(8) manual page, perhaps some scripting interface);
* configuration examples for integration of services (web services, mail, instant messaging, PAM is a must, DBMS and directory optional).

All covered services should be documented, in particular documentation should include:

* initial deployment instructions;
* sample configuration for reasonably simple case;
* instructions how to test if the software works;
* references to full documentation and troubleshooting instructions (if any), both should be provided on-site (i.e. it should be possible to have everything available given pkgsrc snapshot and corresponding distfiles and/or packages on physical media).

In a nutshell, the goal of the project is to make it possible for a qualified system administrator to deploy basic service (without accounts) with a single pkg_add. 

[[!tag gsoc]]
[[!tag easy]]
[[!tag pkgsrc]]

CVSweb for NetBSD wikisrc <> software: FreeBSD-CVSweb