[CentOS-devel] Proposal: CBS/Infrastructure Meeting 15-Sep-2014 13:00 UTC

Wed Sep 17 10:25:52 UTC 2014
Howard Johnson <merlin at mwob.org.uk>

On 16/09/2014 21:24, Fabian Arrotin wrote:
> Yes, the main blocker on CBS isn't (at the moment) the central 
> authentication. Koji supports both kerberos and x509 certificates. The 
> IPA/FAS discussion is related but not directly required for the CBS 
> effort. That's the reason why , due to the small amount of people 
> requiring CBS access $now, it was decided with Thomas to start small, 
> with our own internal CA to generate our keys/certs for koji and let 
> people start using the CBS platform. In parallel, the FAS/IPA/other 
> solution discussion can be held/debated/selected. And we'll always 
> have a solution to migrate CBS to the other x509 setup we'll have in 
> production.

Speaking personally, I'm quite an IPA advocate, and have done a bunch of 
work customising it for $employer and tying various bits of software 
into it as an authn/authz source.  However, I'm trying not to push it 
too hard (not least because I had a brief chat with Jim, and he said 
that there were some issues around using it that'd require potential 
functionality development in IPA itself, some of which may not be 
trivial).  FAS works nicely for Fedora, and the potential for federating 
Fedora and CentOS FAS does sound quite appealing.

Is there somewhere we can start collating requirements for the auth 
system?  The Trello board, or a wiki page maybe?  We could use that to 
start making a requirements vs software features matrix to help guide 
our descisions.

( I also missed the #centos-devel conversation, and need to go back and 
read the logs )

-- 
HJ