Hi Petter, hi list, On So 27 Feb 2011 14:22:17 CET Petter Reinholdtsen wrote:
[Andreas Schockenhoff]The netgroup is a solution that based on IPs so it is not really secure. Now we have Kerberos running is there an other solution? So may be we do not need the netgroups.Netgroups are used for NFS exports, network filtering and shutdown-at-night features. Not all of these can be repaced by kerberos.
In Zweibrücken I have volunteered to start working on a netgroups module/plugin (or whatever) for GOsa². I have had to finish some work on another software project (X2go Client Python API + GUI Client) for one of my customers but that should be finished some time during this week (hopefully).
Thus, I will start on Netgroup integration into GOsa² this week... For a beta release I recommend (that only meets NFS setup tweaks) to use global NFS export rules as opposed to the current netgroups based rules. However, this should only be a temporary tweak.
Until netgroups support is implemented into GOsa², the shutdown-at-night feature will not work which might be tolerable for a beta release (it needs to be communicated well, though).
However, I am not sure about the netfilter dependencies on netgroups. Could you point me to some config files in Debian Edu SVN?
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: firstname.lastname@example.org, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Description: Digitale PGP-Unterschrift