Re: fedora hosted, sharding and openid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 14, 2013 at 10:13 PM, Till Maas <till.maas@xxxxxxxxx> wrote:
...

Actually it is admin.fedoraprojet.org that will ask for the password.
Well, if you see admin.fedoraproject.org requesting the password, you are probably using id.fedoraproject.org currently, which is still the current FAS module.
FAS-OpenID (which is available as <username>.id.stg.fedoraproject.org) does not use admin.fedoraproject.org at all.
I assumed that if username.id.fedoraproject.org is used as OpenID ID,
there would be some plain HTTP request from the user's browser to
username.id.fedoraproject.org, but this does not seem to be the case
(anymore?).
No, the user's browser won't request username.id.fedoraproject.org but only id.fedoraproject.org, but trac does this to verify that the OpenID endpoint indeed controls that specific URL.
Nevertheless, at least trac will probably not connect via
HTTPS to username.id.fedoraproject.org, because the certificate for that
host name is not valid.
That's also not used: for connection between trac and the OpenID provider, plain HTTP is used for verification.
Nevertheless, an attack might not be that likely
for that as as MITM attacks near a user's client are.

Regards
Till
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Well, if you see admin.fedoraproject.org requesting the password, you are probably using id.fedoraproject.org currently, which is still the current FAS module.
FAS-OpenID (which is available as <username>.id.stg.fedoraproject.org) does not use admin.fedoraproject.org at all.
There is only SSL in place for the login page, all other pages do not need SSL (because of the certificate wildcard level).

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux