[SAC] SAC Status

Howard Butler hobu at hobu.net
Thu Jun 22 22:55:48 EDT 2006


As far as I know, Plone/LDAP authentication seems to be working. 
Only big issue (which looks to be very challenging to fix without 
some funding for the guys who work on zope ldap stuff) is populating 
the LDAP with a new user when someone joins the website.  That isn't 
automatic, and the only way to currently create users is to do so 
manually with the Directory tool.  It's also possible that we could 
write a clever python script to do this for us.

Additionally, I set up the one blade I was accessing to use the LDAP 
for shell authentication (also limited by only users who were also in 
the "Shell" access group).

Short term things that I think need to be done include:
- For shell users (like buildbots and db administrators, etc), common 
home directories across the possible machines would be desirable.  I 
do this with NFS and/or CIFS and it is sufficient if allowed within 
John's infrastructure.
- Hook up Apache to do LDAP authentication as well, so things like a 
subversion repository or just a dumb folder of files can be 
authenticated in the same way as everything else.
- The LDAP needs to be doing SSL, or be firewalled to only talk to 
internal TelaScience machines.

Howard


At 2:24 PM -0700 6/22/06, John Graham wrote:
>Frank
>
>I am moving things slowly along... I could use some help on 
>confirming the LDAP is working from Plone... but I think it is good 
>everywhere else.
>I am also trying to build another blade out with FC4 but my 
>kickstart server is not leasing a DHCP address to the blade yet... 
>Anyone that has
>knowledge in this area will be welcome to hop in and help. This 
>blade will be for the buildbot :)
>
>John
>
>Frank Warmerdam wrote:
>
>>Norman,
>>
>>Have you had a chance to chat with John and Howard on the current status
>>of the telascience systems?  There is a board meeting tomorrow, and one
>>of the issues will undoubtedly be whether SAC is functioning effectively
>>and what can be done to support SAC.
>>
>>Things I would really like to see us move ahead with include:
>>  o Developing some sort of policy about who we give administrative
>>    access to, which machines need to be "very secure" (ie. LDAP master)
>>    vs. "less secure" (ie. build tests accessible to some project
>>    developers).
>>
>>  o Working out how we back things up.
>>
>>  o Working out a rough priority list for services to roll out.
>>
>>  o Putting out a call for volunteers for SAC, which implies having
>>    a sense of what skills we need, and how we would manage an influx
>>    of several volunteers.
>>
>>  o Setting up wiki pages explaining how the SAC administered systems
>>    are set up and a roadmap for what services go on what systems.
>>
>>I believe both Arnulf and I are keen to assist on technical and
>>administrative issues.  We have also had offers of technical help from
>>others such as Josh Livni, and Daniel Morissette.
>>
>>Best regards,




