On Wed, Mar 03, 2021 at 07:35:00PM -0500, Neal Gompa wrote: > On Wed, Mar 3, 2021 at 6:12 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > > > On Wed, Mar 03, 2021 at 05:26:46PM -0500, Neal Gompa wrote: > > > On Wed, Mar 3, 2021, 5:13 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> > > > wrote: > > > > > > > On Wed, Mar 03, 2021 at 01:53:28PM -0800, Kevin Fenzi wrote: > > > > > 4) We could add some kind of GSSAPI/Kerberos support to pagure, so > > > > > people could use https and a kerberos ticket. > > > > > > > > What's amount of effort required for this option? Because other than "it > > > > might be a lot of work", it seems ideal, and would resolve a lot of other > > > > cases where it's an extra step to have to configure an access token for > > > > pagure. But "it might be a lot of work" is a pretty big con. > > > > > > > > If the answer is "yeah, it's a lot", I vote for whichever other option > > > > makes > > > > this a logical next step when there is time to do such work. > > > > > > > > > > I don't think it would be that hard anymore. Recently, Pagure changed to > > > proxy and handle Git via HTTPS, meaning that we can do whatever we want to > > > authenticate pulls and pushes. > > > > Except this doesn't work currently for src.fedoraproject.org pagure, as > > the OIDC tokens take over. :( > > > > Yeah, we need to fix this somehow. But it shouldn't be too hard, I > think? We already have this setup for pagure.io... No pagure.io doesn't have mod_oidc allowing to push over https using an OIDC token. Moving to mod_gssapi may be the way to do this, however I'm no sure how eaasy/hard it will be to get it to support full pagure user account. Pierre _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
