Infrastructure SL5 issues

SL5 general platform issues

Infrastructure Unit SL5 server platform software that needs to be ported for Project 83 - DICE SL5 server platform:

Kerberos
  • Probably already done as part of the inf-level port; just need to check that it works
  • kdcregister done as part of the inf-level port
  • Mostly we use the Kerberos s/w supplied by the base OS. (At SL5 this is still MIT v1.5; v1.6 would cause us problems.)
  • PAM stack s/w: pam_krb5_allbery

LDAP
  • Should just need to rebuild existing s/w
  • Perl LDAP helper modules: AuthUtils, LDAPSync
  • lcfg2ldap (?)

KX509
  • pam_kx509

SIXKTS
  • Perl modules - TBD: which ones?
  • The version of Perl itself on SL5 should be the same as that on FC6, (since SL5 is based on RHEL5, which is based on FC6)

PAM
  • renc
  • pam_krb5_allbery
  • pam_kx509

rfe/rfed
  • ... and underlying Perl modules

NTP
  • Probably (?) already done as part of the inf-level port

OpenSSH
  • Need our version of OpenSSH; probably (?) already done as part of the inf-level port

OpenSSL
  • Provided by base OS

localauth
  • Dropped for FC6; we won't support this for SL5.

ipfilter
  • Just a component; everything else comes from the base OS.

UPSes

DNS configuration

Routing

Cosign

Apacheconf

amd
Not the Inf Unit's responsibility

SL5 issues for Infrastructure Unit machines

KDCs

  • Need to verify version of Kerberos
  • Some porting of components and ancillary code
  • We currently use the distribution code-base, so priority for upgrade to ensure patches

LDAP

  • OpenLDAP version is ancient (but no reason to think latest won't build)
  • No user services other than LDAP itself

Other authentication services

  • Quite a bit of stuff to be ported (perl)
  • Some runs on KDCs, so would have to be ready for their upgrade

Cosign

  • Code and components to port (but no reason to think they won't)
  • No user services other than Cosign itself

SixKTS

Authportal

Monitoring

  • Code and components to port
  • No user services

UPSes

  • Custom RPM build, so porting required
  • Probably better USB support!

Network infrastructure and routing

  • Kernel modules appear to be present
  • Quite a bit of code to be ported (but no reason to think it won't)
  • No user services, so pressure only from kernel bugs

lcfg2ldap

DNS

VPN Endpoint

-- GeorgeRoss - 02 Oct 2007

Topic revision: r4 - 05 Nov 2007 - 15:45:58 - IanDurkacz
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies