Hi Andy

On 26/7/19 at 21:15, Andy Simpkins wrote:
> Hi there
>
> I believe that I am sending this email to the correct people [0]

I think so :-)

>
> The DebconfVideo team use storm quite a bit for team management,
> documentation etc.

Great!

> Presently authentication is only available for users
> with accounts on systems outside of Debian's control (i.e. GitHub or
> Google). I consider this unacceptable from a privacy point of view, and
> so use the tedious method of regular email token exchange for the
> purpose of login.

I'm not sure about the technical details, but I only use the email authenticated method and I think a cookie or some browser setting can be set so you don't need to ask for the token every time. In any case I understand that can be a tedious experience.

>
> I understand that sandstorm 'can' use our LDAP for the purposes of user
> authentication thus avoiding users being tracked outside of Debian
> infrastructure [1].
>
> Is this something that you would consider enabling? I would hope this
> would be simpler than implementing Debian SSO which may be more
> complicated but perhaps more desirable.
>

With my admin privileges in Sandstorm, in its own admin interface, I can see the following options:

https://storm.debian.net/admin/organization

Sandstorm allows you to define an organization. You can automatically apply some settings to all members of your organization. Users within the organization will automatically be able to log in, install apps, and create grains.

Organization membership

[ ] Users authenticated via email address
    Domain: ____________
    Users with an email address at this domain will be members of this server's organization.

[ ] Users authenticated via Google Apps for Work
    Domain: __________
    Users with a Google Apps for Work account under this domain will be members of this server's organization.

[ ] Users authenticated via LDAP
    Note: disabled because LDAP login is not configured.

[ ] Users authenticated via SAML
    Note: disabled because SAML login is not configured.

From the above, I've just ticked the "[X] Users authenticated via email address" and added "debian.org" as domain.

Can you try if it makes a difference in your experience of logging in? And would that be enough or would you need people with no @debian.org address to access too?

About LDAP, I guess Asheesh knows better about that than me (both in the Sandstorm and in the Debian side) so I didn't dare yet to go and try to configure the service in Sandstorm (and if it needs some setting in the machine, I have no permissions there, I just tweak the web interface), but for the case Asheesh cannot find the time to look at this, I will try to read the documentation and figure out what I can do (but not before debconf19 ends, probably...).

Cheers
-- 
Laura Arjona Reina
https://wiki.debian.org/LauraArjona
