So,
We've been discussing this randomly for quite some time now, and things always get in the way... But let's try to continue the thread around this and also move forward.
Following our CBS/Infra meeting held today (minutes available here: http://www.centos.org/minutes/2014/november/), we started a requirements list about what the centralized authentication system should support.
Long story short: more and more tools need a central users DB, and puppet (our current CM tool for centos.org infra) doesn't scale for that. The first tool that needs it is Koji (for the CBS - http://cbs.centos.org - builders), but others are still to come. We've temporarily found a "workaround" for Koji, in the sense that we've created our internal CA and are signing x509 certs with that local CA, but switching to something that scales has been on the list since "Day 1".
In the short list, we have selected IPA and FAS. The requirement list is there: http://wiki.centos.org/InfraWiki/CentralizedAuth (still a draft, and to be completed)
Feel free to comment here, or update the wiki (if you already have edit rights, otherwise feel free to ping someone from the infra team)
Cheers,
--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
On Mon, 10 Nov 2014 16:13:53 +0100 Fabian Arrotin arrfab@centos.org wrote:
...snip...
> In the short list, we have selected IPA and FAS. The requirement list is there: http://wiki.centos.org/InfraWiki/CentralizedAuth (still a draft, and to be completed)
> Feel free to comment here, or update the wiki (if you already have edit rights, otherwise feel free to ping someone from the infra team)
A few comments. ;)
The current stable fas uses TurboGears 1 (and various other python deps). There is TG1 for epel7, but we are working on a new fas 3 version that will use flask. If there are any hard requirements of things you need from fas, now would be a great time to ask for them to be added to fas3.
Fedoauth is merging with the ipsilon project: https://fedoraproject.org/wiki/Infrastructure/FedOAuth_Ipsilon_Merge. Fedora will be switching to the merged ipsilon soon. Note that fedoauth provides not only openid, but persona and others. ;)
kevin