On Wed, Mar 3, 2021, 5:13 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
On Wed, Mar 03, 2021 at 01:53:28PM -0800, Kevin Fenzi wrote:
> 4) We could add some kind of GSSAPI/Kerberos support to pagure, so
> people could use https and a kerberos ticket.
What's amount of effort required for this option? Because other than "it
might be a lot of work", it seems ideal, and would resolve a lot of other
cases where it's an extra step to have to configure an access token for
pagure. But "it might be a lot of work" is a pretty big con.
If the answer is "yeah, it's a lot", I vote for whichever other option makes
this a logical next step when there is time to do such work.
I don't think it would be that hard anymore. Recently, Pagure changed to
proxy and handle Git via HTTPS, meaning that we can do whatever we want to authenticate pulls and pushes.
Ideally, we'd support it as a full login backend, so that logins this way would also generate accounts automatically.
We do have a ticket for GSSAPI for Git+HTTPS: https://pagure.io/pagure/issue/4995
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure