-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 16/09/14 22:11, Karsten Wade wrote:
I missed the meeting this week but read the log. It seemed one of our major blockers in the auth system. I was thinking it might be useful if we setup an instance of FreeIPA and Fedora Account System (FAS) to do a side-by-side comparison?
BTW, I just learned in #centos-devel that auth is not actually a blocker for progress with Koji, which is good news. (Also means I should re-read the IRC log again :D )
We can work in parallel to test FreeIPA and FAS, and when a solution is delivered, switch Koji to use that.
- Karsten
Yes, the main blocker on CBS isn't (at the moment) the central authentication. Koji supports both kerberos and x509 certificates. The IPA/FAS discussion is related but not directly required for the CBS effort. That's the reason why , due to the small amount of people requiring CBS access $now, it was decided with Thomas to start small, with our own internal CA to generate our keys/certs for koji and let people start using the CBS platform.
In parallel, the FAS/IPA/other solution discussion can be held/debated/selected. And we'll always have a solution to migrate CBS to the other x509 setup we'll have in production.
Cheers,
- -- Fabian Arrotin gpg key: 56BEC54E | twitter: @arrfab