Ok - so holding the article on the inclusion of SSL/TLS - I'll update this group once I've got that information. I also want to include access controls in the final document since it is an authentication server. <div>
<br></div><div>Regarding sssd - I wouldn't hold the document for this. I've just been doing some reading on the subject. Even if it is "deployed", that doesn't mean it is configured or started. It looks like authconfig handles the vast majority of the work involved in authentication configuration in CentOS. I'm assuming anyone who wants to use sssd will know how to alter the authconfig to allow that. If not, it can be reviewed in a different HOWTO.</div>
<div><br></div><div>-Adrian<br clear="all">--<br>Adrian Hall (Personal Account)<br><a href="mailto:photoadrian@gmail.com">photoadrian@gmail.com</a><br><br>
<br><br><div class="gmail_quote">On Tue, Sep 13, 2011 at 2:57 PM, Paul Heinlein <span dir="ltr"><<a href="mailto:heinlein@madboa.com">heinlein@madboa.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Tue, 13 Sep 2011, Adrian Hall wrote:<br>
<br>
</div><div class="im">> I'm totally with you on the SSL/TLS. I've been swearing at that<br>
> particular element for over two weeks now. Since there is no<br>
> slapd.conf any more, the method of introducing a certificate is not<br>
> logical, nor documented.<br>
<br>
</div>Heh. To date, I've only setup CentOS 6 as an LDAP client. All my LDAP<br>
servers run CentOS 5.<br>
<div class="im"><br>
> I haven't looked into sssd. Since it isn't installed by default on<br>
> CentOS, why would that be a requirement? (not saying it isn't a<br>
> good thing, but I'd probably defer that to another document as with<br>
> the other elements you suggested)<br>
<br>
</div>Concerning sssd, CentOS 6 kickstart will install and activate it if<br>
you specify installation of the "Directory Client" package group.<br>
Since that group looks like something that folks might want to install<br>
on LDAP clients, I suspect it'll be more widely deployed than you<br>
think.<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="h5">Paul Heinlein <> <a href="mailto:heinlein@madboa.com">heinlein@madboa.com</a> <> <a href="http://www.madboa.com/" target="_blank">http://www.madboa.com/</a><br>
_______________________________________________<br>
CentOS-docs mailing list<br>
<a href="mailto:CentOS-docs@centos.org">CentOS-docs@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-docs" target="_blank">http://lists.centos.org/mailman/listinfo/centos-docs</a><br>
</div></div></blockquote></div><br></div>