Re: story of kerberos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2017-09-06 at 09:51 -0700, Kevin Fenzi wrote:
> On 09/06/2017 05:25 AM, Nikos Mavrogiannopoulos wrote:
> > Hi,
> >  What's the story between the recently introduced support of
> > kerberos
> > in koji? My understanding was that eventually all services of
> > fedora
> > would switch to kerberos authentication, though information on the
> > following bugs for bodhi seems to contradict that:
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1483538
> > https://github.com/fedora-infra/bodhi/issues/1179
> 
> I'm not sure where you got the understanding that everything was
> moving
> to kerberos. Did we say that somewhere?
> > In fact currently we have:
> >  * To change code: ssh public key authentication
> >  * To compile changed code: koji: kerberos ticket
> >  * To submit a changed package: bodhi: raw passwords
> >  * To subscribe to a mailing list: lists.fedoraproject.org: openid?
> > 
> > and probably few more options that I missed. Is there an
> > integration
> > story behind all these, or is it intentional that various different
> > services will require different credentials?
> 
>  For ssh keys, we are looking at various options. Possibly ssh
> certificates. Patrick has been investigating this.

It would really increase usability to have kerberos auth in SSH. Having
another credential like ssh certificate would mean even more stuff to
take care of as fedora developer.


> For all the web apps we have now (except wiki, but it should move
> soon),
> we should have openid or openid-connect. In that case if you have a
> valid kerberos ticket, your browser is configured right (default in
> all
> recent ones), you automatically can authenticate via ipsilon.
> 
> ie, you click the login thing, it redirects to ipsilon, which sees
> you
> have a valid kerberos ticket and just authenticates you. Do you not
> see this happening there?

It works with the browser indeed. Would it work with command line tools
like bodhi as well?

regards,
Nikos
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux