Other feature requests

Rob Townley rob.townley at gmail.com
Sat Sep 11 03:01:15 CEST 2010


I have not submitted a patch, not even a bit.

On Fri, Sep 10, 2010 at 6:12 AM, Julien Muchembled <jm at jmuchemb.eu> wrote:
> Hello,
>

Enterprise tinc needs a central/distributed repository of nodes and
configuration information.
A plugin for one of the following would go far:
DNS, OCSInventory-NG, FreeIPA (DNS, LDAP and Kerberos).

> 1. push options to clients (see push/pull options of OpenVPN)
OCSInventory-NG has the ability to store configuration information and
push software and settings to remote LinMacWin clients. But most
configuration info could be stored in a tinc-accessible-only DNS
server.


> 3. prevent a node from stealing an IP
Configuration information stored in LDAP and enforced by Kerberos.

> 4. prevent nodes from giving access to new nodes
FreeIPA could determine which nodes NodeX has access to via Kerberos.


> 1. Pushing options to clients allows centralizing configuration, without
> having to reconfigure every node when one decides to change IP or any other
> network setting.

Configure each tinc client with a DNS server accessible only by tinc
clients.  Store network names, public certificates, port numbers,
dynamic IP addresses and of course hostnames in dynamic DNS.

>
> 4. I don't want that any client is allowed to extend the network by giving
> access to new nodes. I should be the only person allowing a machine to join
> the VPN, by configuring 2 or 3 "master" nodes.
> In fact, what is important is to protect nodes from being accessed by
> unauthorized nodes.
Covered by new features but could be verified with Kerberos.

>
> What do you think of these features? Is there anything already implemented that I
> would have missed? Maybe only in the 1.1 branch?
>
> I am ready to help on these topics, either for design or coding.
>
>
> Regards,
> Julien

