Hello,

we have an initial setup for the new sso.debian.org based on client certificates. Certificate generation is on sso.debian.org and contributors.debian.org and nm.debian.org already accept certificate authentication.

I would like to have some code review and QA before announcing it widely.

Basic documentation is here:
https://wiki.debian.org/DebianSingleSignOn#Experimental_new_SSO

The system is based on client certificates generated via SPKAC. The server-side code that generates the certificates is in this Django app:
http://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/spkac

If you do not know Django but know openssl quite well, you can help a lot by auditing this source:
http://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/spkac/ca.py

Client-side, this is the apache configuration:
https://wiki.debian.org/DebianSingleSignOn#Documentation_for_web_application_owners-1

This is the bit that verifies certificates, if you are familiar with Django auth machinery, I'd especially welcome your input:
http://anonscm.debian.org/cgit/nm/dc.git/tree/django_dacs/auth.py

The git repository for all the sites is linked at the bottom of every page.

QA-wise, I could especially use patches that add some helpful text to the pages that do certificate generation, as I feel like I have too much of the backend in my head to be able to generate meaningful help text. The templates are here:
http://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/spkac/templates/spkac

Thanks!

Enrico

--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>