Re: ssh git access to src.fedoraproject.org feedback

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 03, 2021 at 05:26:46PM -0500, Neal Gompa wrote:
> On Wed, Mar 3, 2021, 5:13 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx>
> wrote:
> 
> > On Wed, Mar 03, 2021 at 01:53:28PM -0800, Kevin Fenzi wrote:
> > > 4) We could add some kind of GSSAPI/Kerberos support to pagure, so
> > > people could use https and a kerberos ticket.
> >
> > What's amount of effort required for this option? Because other than "it
> > might be a lot of work", it seems ideal, and would resolve a lot of other
> > cases where it's an extra step to have to configure an access token for
> > pagure. But "it might be a lot of work" is a pretty big con.
> >
> > If the answer is "yeah, it's a lot", I vote for whichever other option
> > makes
> > this a logical next step when there is time to do such work.
> >
> 
> I don't think it would be that hard anymore. Recently, Pagure changed to
> proxy and handle Git via HTTPS, meaning that we can do whatever we want to
> authenticate pulls and pushes.

Except this doesn't work currently for src.fedoraproject.org pagure, as
the OIDC tokens take over. :( 

> Ideally, we'd support it as a full login backend, so that logins this way
> would also generate accounts automatically.

As long as those were pagure accounts, sure. 
We don't want real system accounts. :) 

> We do have a ticket for GSSAPI for Git+HTTPS:
> https://pagure.io/pagure/issue/4995

Yeah, perhaps mod_auth_gssapi would be a short way to this. 

kevin

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux