On Wed, 2017-09-06 at 09:51 -0700, Kevin Fenzi wrote: > On 09/06/2017 05:25 AM, Nikos Mavrogiannopoulos wrote: > > Hi, > > What's the story between the recently introduced support of > > kerberos > > in koji? My understanding was that eventually all services of > > fedora > > would switch to kerberos authentication, though information on the > > following bugs for bodhi seems to contradict that: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1483538 > > https://github.com/fedora-infra/bodhi/issues/1179 > > I'm not sure where you got the understanding that everything was > moving > to kerberos. Did we say that somewhere? > > In fact currently we have: > > * To change code: ssh public key authentication > > * To compile changed code: koji: kerberos ticket > > * To submit a changed package: bodhi: raw passwords > > * To subscribe to a mailing list: lists.fedoraproject.org: openid? > > > > and probably few more options that I missed. Is there an > > integration > > story behind all these, or is it intentional that various different > > services will require different credentials? > > For ssh keys, we are looking at various options. Possibly ssh > certificates. Patrick has been investigating this. It would really increase usability to have kerberos auth in SSH. Having another credential like ssh certificate would mean even more stuff to take care of as fedora developer. > For all the web apps we have now (except wiki, but it should move > soon), > we should have openid or openid-connect. In that case if you have a > valid kerberos ticket, your browser is configured right (default in > all > recent ones), you automatically can authenticate via ipsilon. > > ie, you click the login thing, it redirects to ipsilon, which sees > you > have a valid kerberos ticket and just authenticates you. Do you not > see this happening there? It works with the browser indeed. Would it work with command line tools like bodhi as well? regards, Nikos _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
