[CentOS-devel] Proposal: CBS/Infrastructure Meeting 15-Sep-2014 13:00 UTC

Wed Sep 17 20:46:22 UTC 2014
Stephen John Smoogen <smooge at gmail.com>

On 17 September 2014 04:25, Howard Johnson <merlin at mwob.org.uk> wrote:

>
> On 16/09/2014 21:24, Fabian Arrotin wrote:
>
>> Yes, the main blocker on CBS isn't (at the moment) the central
>> authentication. Koji supports both kerberos and x509 certificates. The
>> IPA/FAS discussion is related but not directly required for the CBS effort.
>> That's the reason why , due to the small amount of people requiring CBS
>> access $now, it was decided with Thomas to start small, with our own
>> internal CA to generate our keys/certs for koji and let people start using
>> the CBS platform. In parallel, the FAS/IPA/other solution discussion can be
>> held/debated/selected. And we'll always have a solution to migrate CBS to
>> the other x509 setup we'll have in production.
>>
>
> Speaking personally, I'm quite an IPA advocate, and have done a bunch of
> work customising it for $employer and tying various bits of software into
> it as an authn/authz source.  However, I'm trying not to push it too hard
> (not least because I had a brief chat with Jim, and he said that there were
> some issues around using it that'd require potential functionality
> development in IPA itself, some of which may not be trivial).  FAS works
> nicely for Fedora, and the potential for federating Fedora and CentOS FAS
> does sound quite appealing.
>
>
Well I am not sure that FAS allows for federation yet :). I like to think
of FAS as Kerberos done by people who hated Kerberos but generally adding
in various features over time :).

I personally have no horse in this race. I can help with getting a FAS up
and relay problems we run into for the FAS3 development group which is
working this December. I can also learn how FreeIPA works and help out
there if possible.



> Is there somewhere we can start collating requirements for the auth
> system?  The Trello board, or a wiki page maybe?  We could use that to
> start making a requirements vs software features matrix to help guide our
> descisions.
>
> ( I also missed the #centos-devel conversation, and need to go back and
> read the logs )
>
> --
> HJ
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
>



-- 
Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140917/35f37d61/attachment-0008.html>