On 20/11/16 01:11, Dennis Gilmore wrote:
koji authentication will be switching to Kerberos. Koji supports multiple authentication mechanisms. Fedora infrastructure has set up a freeipa instance internally that has credential syncing to fas. We are working on ensuring that gssapi caching is supported so that you can have multiple TGT's and the ability to work in multiple reams at once. you can get started today by doing kinit <fas username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert file out of the way authentication will still work.
Bearing in mind that I've never used kerberos before, so I may be misunderstanding something completely here, a little experimentation suggests that currently the longest ticket lifetime we can request with kinit is 24 hours?
It looks like it can be renewed up to a week (well six days, plus the one day lifetime of the final ticket) but you do have to remember to keep renewing before the 24 hour expiry is reached.
All of which is something of a change from the current six month cycle with the client certificates.
Tom -- Tom Hughes (tom@xxxxxxxxxx) http://compton.nu/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx