[Server-devel] Web-based Management Interface for the XS

John Gunkel jgunkel at gmail.com
Mon Mar 24 22:22:25 EDT 2008


On Sat, Mar 22, 2008 at 4:11 AM, Marten Vijn <info at martenvijn.nl> wrote:
>  On Sat, 2008-03-22 at 00:52 -0400, John Watlington wrote:
>  > PHP security is viewed as less than acceptable for interfaces
>  > accessible from the open Internet.
>  > (The words of our security architect, which I see no reason to doubt.)
>  > It is viewed as barely acceptible for interfaces which can only be
>  > accessed from within the school.
>  >
>  > Should the configuration interface should also be available on the
>  > WAN interface ?
>  > My opinion is yes.
>
>  1. or use a vpn/ssh to access it.
>  avoiding thing i see right now on port 22 (over 1200 attempts per
>  weekend)


>  2 more:
>  - we could use something like puppet as backend and add nessesciary
>  modules. https://reductivelabs.com/

Many of the services that would be used are already LDAP aware. How
about adopting FDS
( http://directory.fedoraproject.org ) for the backend? The nice thing
about that is you can then use the command line tools, the web gui, or
a full blown "fat" client to twiddle objects in the directory.

Need to add a student? just add a student object, and email, homedir
(storage), jabber, SIP  and all their other services become available
to them. As long as an attribute exists for what you need to do, you
can populate it with the information you need. If you need more, you
can extend the schema to add it too. No more need for a "front end".

Much of the "system" config can also be stuffed into your directory
too. Not all, but perhaps enough that the more advanced configuration
taks can be left for ssh and vi.

Up side is that it will scale. Down side is that you do have a bit
more overhead to run the directory server.

Completely off base? or worth a thought?


More information about the Server-devel mailing list