On Wed, Mar 03, 2021 at 05:26:46PM -0500, Neal Gompa wrote: > On Wed, Mar 3, 2021, 5:13 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> > wrote: > > > On Wed, Mar 03, 2021 at 01:53:28PM -0800, Kevin Fenzi wrote: > > > 4) We could add some kind of GSSAPI/Kerberos support to pagure, so > > > people could use https and a kerberos ticket. > > > > What's amount of effort required for this option? Because other than "it > > might be a lot of work", it seems ideal, and would resolve a lot of other > > cases where it's an extra step to have to configure an access token for > > pagure. But "it might be a lot of work" is a pretty big con. > > > > If the answer is "yeah, it's a lot", I vote for whichever other option > > makes > > this a logical next step when there is time to do such work. > > > > I don't think it would be that hard anymore. Recently, Pagure changed to > proxy and handle Git via HTTPS, meaning that we can do whatever we want to > authenticate pulls and pushes. Except this doesn't work currently for src.fedoraproject.org pagure, as the OIDC tokens take over. :( > Ideally, we'd support it as a full login backend, so that logins this way > would also generate accounts automatically. As long as those were pagure accounts, sure. We don't want real system accounts. :) > We do have a ticket for GSSAPI for Git+HTTPS: > https://pagure.io/pagure/issue/4995 Yeah, perhaps mod_auth_gssapi would be a short way to this. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure