On 16/08/16 10:30, Fabian Arrotin wrote:
For existing resources within centos.org that we deployed before ACO was available, those were configured to use their built-in users DB. So we can invest time to see which are the possibilities to be tied to ACO but it needs at least some glue, like for example token/oauth. Actually, ACO on its own can't do that (nor is "ldap" compatible) so we need to setup something in between (like what's done for the Fedora project) to do that, like either ipsilon (https://ipsilon-project.org/) or keycloak (http://www.keycloak.org/)
prolly worth looking at keycloak once
But the remaining issue would then be to have *everybody* signing through ACO to get an account that will match with each deployed applications (like MantisBT for bugs.centos.org and so on). So you can imagine the impact
Would we not be able to rehash the user accounts from bugs.centos.org over to a.c.o ? and send them all a reminder to set a new password ?