On 17 September 2014 04:25, Howard Johnson <merlin at mwob.org.uk> wrote: > > On 16/09/2014 21:24, Fabian Arrotin wrote: > >> Yes, the main blocker on CBS isn't (at the moment) the central >> authentication. Koji supports both kerberos and x509 certificates. The >> IPA/FAS discussion is related but not directly required for the CBS effort. >> That's the reason why , due to the small amount of people requiring CBS >> access $now, it was decided with Thomas to start small, with our own >> internal CA to generate our keys/certs for koji and let people start using >> the CBS platform. In parallel, the FAS/IPA/other solution discussion can be >> held/debated/selected. And we'll always have a solution to migrate CBS to >> the other x509 setup we'll have in production. >> > > Speaking personally, I'm quite an IPA advocate, and have done a bunch of > work customising it for $employer and tying various bits of software into > it as an authn/authz source. However, I'm trying not to push it too hard > (not least because I had a brief chat with Jim, and he said that there were > some issues around using it that'd require potential functionality > development in IPA itself, some of which may not be trivial). FAS works > nicely for Fedora, and the potential for federating Fedora and CentOS FAS > does sound quite appealing. > > Well I am not sure that FAS allows for federation yet :). I like to think of FAS as Kerberos done by people who hated Kerberos but generally adding in various features over time :). I personally have no horse in this race. I can help with getting a FAS up and relay problems we run into for the FAS3 development group which is working this December. I can also learn how FreeIPA works and help out there if possible. > Is there somewhere we can start collating requirements for the auth > system? The Trello board, or a wiki page maybe? We could use that to > start making a requirements vs software features matrix to help guide our > descisions. > > ( I also missed the #centos-devel conversation, and need to go back and > read the logs ) > > -- > HJ > > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > http://lists.centos.org/mailman/listinfo/centos-devel > -- Stephen J Smoogen. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140917/35f37d61/attachment-0008.html>