This shows you the differences between two versions of the page.
— |
mueli [2011/10/13 21:55] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Here you find the description of a possible configuration of a mid- to big-size network infrastructure. This documentation is founded on the experience of maintaing the net infrastructure of the [[http://www.fest.tugraz.at|Institut for Strength of Materials]] on the [[http://www.tugraz.at|Graz University of Technology]]. Beside the normal office stuff we are developing software and therefore here are services regarding to software development listed and described. We are using to Linux derivates, [[http://www.grml.org|grml]] (of course ;)) and [[http://www.gentoo.org|gentoo]]. | ||
+ | ====== Prerequisites ====== | ||
+ | |||
+ | Especially for Gentoo you should enable a few USE flags from the beginning on. Of course it's possible to ignore some of them if you won't use the whole configuration. So in ''/etc/make.conf'' you should have enabled the following USE flags: | ||
+ | |||
+ | <code>USE="ldap kerperos ssl apache2"</code> | ||
+ | |||
+ | Special USE flags required for single ebuild are discussed in the related section. | ||
+ | |||
+ | ====== User management ====== | ||
+ | |||
+ | User management mainly consits of the naming Service, the authentication mechanism and login including the session handling. Here I describe two solutions for the whole problem which can coexist and are both configured on our systems. | ||
+ | |||
+ | So the first point you have to decide is whether to use OpenLDAP or NIS. For me, this decision is really straight forward ;) I am using LDAP. | ||
+ | |||
+ | ===== OpenLDAP ===== | ||
+ | |||
+ | As already mentioned the service is responsible for the naming service. But of course it is also possible to use LDAP for authentication. And here you can find a possible configuration for using LDAP as naming **and** authentication service. | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | == Required Packages == | ||
+ | |||
+ | gentoo | ||
+ | |||
+ | <code> | ||
+ | mueli@michael:~$ emerge -a net-nds/openldap | ||
+ | </code> | ||
+ | |||
+ | grml | ||
+ | |||
+ | <code> | ||
+ | mueli@michael:~$ aptitude install slapd | ||
+ | </code> | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ===== Kerberos ===== | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ===== PAM ===== | ||
+ | |||
+ | ====== File Serving ====== | ||
+ | |||
+ | ===== NFSv3 ===== | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ===== OpenAFS ===== | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ====== Services ====== | ||
+ | |||
+ | ===== OpenSSH ===== | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ===== Web Serving ===== | ||
+ | |||
+ | ==== Apache with mod_auth_krb ==== | ||
+ | |||
+ | ==== Apache with mod_auth_pam ==== | ||
+ | |||
+ | ==== Apache with mod_auth_ldap ==== | ||
+ | |||
+ | ==== WebDAV ==== | ||
+ | |||
+ | ====== SCM ====== | ||
+ | |||
+ | ===== Subversion ===== | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ===== Mercurial ===== | ||
+ | |||
+ | === Server === | ||
+ | |||
+ | === Client === | ||
+ | |||
+ | ====== Administration ====== |
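Review bot: The USE line in the Prerequisites section spells the flag as "kerperos"; the Gentoo USE flag is "kerberos", and a misspelled flag in ''/etc/make.conf'' is accepted silently without enabling Kerberos support in the packages this page goes on to set up. Suggest changing the line to USE="ldap kerberos ssl apache2". The introduction and the User management paragraph also carry typos worth fixing in the same revision ("maintaing", "to Linux derivates", "consits"). The OpenLDAP section announces a configuration for using LDAP as naming and authentication service but so far contains only the package install commands, and every section from Kerberos onwards is an empty heading, so a short note marking the page as a work in progress would help readers.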