[debian-lan-devel] Installation report
Julien Lambot
jlambot at gmail.com
Sat May 4 20:20:42 UTC 2013
I don't know if it was already reported but I saw a little issue in dovecot
for which I had to specify the default ca cert.
instead of ssl_cert = </etc/dovecot/dovecot.pem
chnaged to ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
Is it bound to certificate creation?
I saw you committed some things related to cetificate creation scripts. It
could already be fixed.
On Fri, May 3, 2013 at 8:27 AM, Andreas B. Mundt <andi.mundt at web.de> wrote:
> Hi Julien,
>
> On Wed, May 01, 2013 at 11:40:41PM +0200, Julien Lambot wrote:
> > PS:
> > - Monitoring (icinga/munin) needs a valid kerberos user. What's the best
> > way to access it remotely?
> > It seems it's not recommended/possible to have fall back with the
> kerberos
> > AuthType.
>
> Here in my virtual test network, I can point iceweasel to the
> mainserver IP https://10.0.0.10/icinga and if I enter the user "admin"
> and the coresponding kerbereos password I am allowed to see the icinga
> stuff. However, so far there has not been taken care about remote
> access (also no firewalling). I assumed that the mainserver is behind
> some gateway/router and not drectly connected to the internet.
>
Indeed, locally it works like you say.
I Think I will use the vpn to connect, it's the easiest way.
>
> > May be I will leave this on a basic AuthType with only ldap auth or
> through
> > the vpn.
> > - Has anyone already tested a
> > fai softupdate for the workstations?
>
> Not especially for wheezy, but in my squeeze setup I had no problems
> so far.
>
I will try that and check how to add some more packages needed by the staff.
>
> Best regards,
>
> Andi
>
>
>
And... hum... sorry for the idea to fork out of Gosa. Forget it.
I had bad times with adding machines to samba domain and then this Kerberos
issue. It will be better if we work toward a solution with it.
Regards
Julien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/debian-lan-devel/attachments/20130504/e19a5642/attachment.html>
More information about the debian-lan-devel
mailing list