Re: upcoming build and release developer flag day December 12 2016

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 20/11/16 01:11, Dennis Gilmore wrote:

koji authentication will be switching to Kerberos. Koji supports multiple
authentication mechanisms. Fedora infrastructure has set up a freeipa instance
internally that has credential syncing to fas. We are working on ensuring that
gssapi caching is supported so that you can have multiple TGT's and the
ability to work in multiple reams at once. you can get started today by doing
kinit <fas username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert file
out of the way authentication will still work.

Bearing in mind that I've never used kerberos before, so I may be misunderstanding something completely here, a little experimentation suggests that currently the longest ticket lifetime we can request with kinit is 24 hours?

It looks like it can be renewed up to a week (well six days, plus the one day lifetime of the final ticket) but you do have to remember to keep renewing before the 24 hour expiry is reached.

All of which is something of a change from the current six month cycle with the client certificates.

Tom

--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux