[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS notes 2004 03 19 (per request in linux meeting notes)

Attending: Patrick, Willie, Kevin, Rick, Wes

Todo From Last meeting:
    - Web Server ( web team )
    - CVS Web or otherwise ( web team )
    - user level security ( martin )
    - RAID ( martin )
    - authn/authz ( tabled )
    - who gets root ( tabled )
        - reset root
        - sudo
    - account access ( WATS )
    - afs client ( Jane/Patrick )
    - repartition machine ( martin/sean )
    - review transcript
        - remove LDAP personality ( martin/sean )

Martin & Sean will do new kernel.

Martin & Katarina will attach a RAID.

Patrick will do afs client.

Subversion?
    symlinks within a project?
    subversion -> cvs
    authz - can we do it without root access
    create new project - can we do it without root access

Authn
Should we support Kerberos?
Neither of these currently exist:
1) PAM support (GPCC)
2) SSH support
GPCC requires kerberized PAM. No UMCE services currently require kerberized SSH.
Once kerberized PAM support is available, we could enable it on EQ. Admins could still have a local password (in case kerberos server is unusable).
Can users use SSH keys?
No on who showed up asked for this. So we recommend that it not yet be enabled.

Authz
Both CVS & subversion use Unix permissions. So, adding projects requires making Unix groups.

Who gets root?
Who is oncall for this machine?
This is a general purpose staff machine which runs mail, a webserver, CVS, and other stuff.
Various specialists oncall for their specialties, e.g., webmaster oncall for webserver. Blackops oncall for mail & ping. Blackops has root, sudo for specialists to restart their services.
Who adds account? Who creates projects in the repository? Who adds users to a project?
A delegated group of people, with sudo access to a script. Who writes these script? Who installs sudo? -- Patrick

We're not planning to meet again. Progress should be reported at the fortnightly UMCE Linux meetings.