Introducing realmd
Stef Walter
stefw at gnome.org
Fri May 4 05:34:20 PDT 2012
Hi there,
I'm working on making GNOME have an easy to use interface for joining a
realm [1] (or an Active Directory domain) so that you can use domain
logins on a machine. This is already doable on linux nowadays, but I'm
working on making it just take a few clicks and perhaps a password.
realmd (pronounced realm-DEE) is a DBus system service started on demand
which manages domain enrollment of the machine and setup of kerberos
logins and so on. It exposes a simple and extensible DBus interface [2]
which clients (like gnome-control-center) use.
It uses package-kit to install necessary packages, and policy-kit to
check for privileges.
It doesn't support every possible option and incantation for joining a
domain. The goal of realmd is to facilitate a really simple UI. For
example it automatically detects whether a given domain is an Active
Directory (and in the future IPA) realm, without asking the user to make
that choice. realmd tries to use intelligent defaults.
However a goal of realmd is to interoperate well with the current tools
for doing this stuff, so advanced deployments can continue to use distro
or custom tools.
realmd is designed to support more than just Kerberos realms, although
that's all it implements for now. For example in the future it could
help the user setup Google Account based logins [3].
realmd supports setup of different stacks to handle the enrollment and
authentication (eg: Samba+Winbind or SSSD are two different stacks). So
far only support for Samba+Winbind has been implemented.
Since there are some obvious differences between setting this stuff up
on various distros, realmd has a way of doing basic customizations
per-distro. I only have it working on Red Hat distros right now, but
will shortly add Debian and a few others.
Anyone interested in working with me on this? I'm really early on in
this project right now, but it's hackable [4] and usable, and I'll get a
proper project setup shortly.
Cheers,
Stef
[1] Part of this work:
https://live.gnome.org/Design/Proposals/UserIdentities
[2]
http://cgit.freedesktop.org/~stefw/realmd/tree/dbus/org.freedesktop.realmd.xml
[3] http://www.chromium.org/chromium-os/chromiumos-design-docs/login
[4] Lives here for now, but will move to fdo git:
http://git.freedesktop.org/~stefw/realmd
More information about the xdg
mailing list