On Wed, Mar 3, 2021 at 6:12 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > On Wed, Mar 03, 2021 at 05:26:46PM -0500, Neal Gompa wrote: > > On Wed, Mar 3, 2021, 5:13 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> > > wrote: > > > > > On Wed, Mar 03, 2021 at 01:53:28PM -0800, Kevin Fenzi wrote: > > > > 4) We could add some kind of GSSAPI/Kerberos support to pagure, so > > > > people could use https and a kerberos ticket. > > > > > > What's amount of effort required for this option? Because other than "it > > > might be a lot of work", it seems ideal, and would resolve a lot of other > > > cases where it's an extra step to have to configure an access token for > > > pagure. But "it might be a lot of work" is a pretty big con. > > > > > > If the answer is "yeah, it's a lot", I vote for whichever other option > > > makes > > > this a logical next step when there is time to do such work. > > > > > > > I don't think it would be that hard anymore. Recently, Pagure changed to > > proxy and handle Git via HTTPS, meaning that we can do whatever we want to > > authenticate pulls and pushes. > > Except this doesn't work currently for src.fedoraproject.org pagure, as > the OIDC tokens take over. :( > Yeah, we need to fix this somehow. But it shouldn't be too hard, I think? We already have this setup for pagure.io... > > Ideally, we'd support it as a full login backend, so that logins this way > > would also generate accounts automatically. > > As long as those were pagure accounts, sure. > We don't want real system accounts. :) > Of course! These would be Pagure accounts, not Linux system accounts. > > We do have a ticket for GSSAPI for Git+HTTPS: > > https://pagure.io/pagure/issue/4995 > > Yeah, perhaps mod_auth_gssapi would be a short way to this. > > kevin > _______________________________________________ > infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
