-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/09/14 22:11, Karsten Wade wrote: > >>> I missed the meeting this week but read the log. It seemed one >>> of our major blockers in the auth system. I was thinking it >>> might be useful if we setup an instance of FreeIPA and Fedora >>> Account System (FAS) to do a side-by-side comparison? > > BTW, I just learned in #centos-devel that auth is not actually a > blocker for progress with Koji, which is good news. (Also means I > should re-read the IRC log again :D ) > > We can work in parallel to test FreeIPA and FAS, and when a > solution is delivered, switch Koji to use that. > > - Karsten Yes, the main blocker on CBS isn't (at the moment) the central authentication. Koji supports both kerberos and x509 certificates. The IPA/FAS discussion is related but not directly required for the CBS effort. That's the reason why , due to the small amount of people requiring CBS access $now, it was decided with Thomas to start small, with our own internal CA to generate our keys/certs for koji and let people start using the CBS platform. In parallel, the FAS/IPA/other solution discussion can be held/debated/selected. And we'll always have a solution to migrate CBS to the other x509 setup we'll have in production. Cheers, - -- Fabian Arrotin gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQYnIsACgkQnVkHo1a+xU7SugCdEGva/HGVO4uVQuVdcTH4YuXw UxkAn1+WYod0jmE84z52BxDfEZn1bTG1 =qkaV -----END PGP SIGNATURE-----