[CentOS-devel] Proposal: CBS/Infrastructure Meeting 15-Sep-2014 13:00 UTC

Tue Sep 16 20:24:43 UTC 2014
Fabian Arrotin <fabian.arrotin at arrfab.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/09/14 22:11, Karsten Wade wrote:
> 
>>> I missed the meeting this week but read the log. It seemed one
>>> of our major blockers in the auth system. I was thinking it
>>> might be useful if we setup an instance of FreeIPA and Fedora
>>> Account System (FAS) to do a side-by-side comparison?
> 
> BTW, I just learned in #centos-devel that auth is not actually a 
> blocker for progress with Koji, which is good news. (Also means I 
> should re-read the IRC log again :D )
> 
> We can work in parallel to test FreeIPA and FAS, and when a
> solution is delivered, switch Koji to use that.
> 
> - Karsten

Yes, the main blocker on CBS isn't (at the moment) the central
authentication.
Koji supports both kerberos and x509 certificates. The IPA/FAS
discussion is related but not directly required for the CBS effort.
That's the reason why , due to the small amount of people requiring
CBS access $now, it was decided with Thomas to start small, with our
own internal CA to generate our keys/certs for koji and let people
start using the CBS platform.

In parallel, the FAS/IPA/other solution discussion can be
held/debated/selected. And we'll always have a solution to migrate CBS
to the other x509 setup we'll have in production.

Cheers,

- -- 
Fabian Arrotin
gpg key: 56BEC54E | twitter: @arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlQYnIsACgkQnVkHo1a+xU7SugCdEGva/HGVO4uVQuVdcTH4YuXw
UxkAn1+WYod0jmE84z52BxDfEZn1bTG1
=qkaV
-----END PGP SIGNATURE-----