My dgit service would like every DM to have access to its restricted ssh command on the new VM gideon. This is a necessary condition for providing DMs with dgit push access to their authorised packages.
(I seem to remember talking to various people about this before but I can't remember who and I don't seem to have a record, so maybe it was in person or on IRC. So sorry if I'm repeating myself.) As I understand it the correct way to implement this would be for DMs to have accounts in LDAP. (Presumably flagged in some appropriate way so that they don't get more permissions than necessary.) Is this something that DSA and DM-keyring are happy with ? If so, how can we make it happen ? If this is not a good idea, or too hard, then I'm open to alternative suggestions. In the worst case I could set up some kind of robot which would accept PGP-signed ssh keys, and ask DSA to fold its output into the dgit service user's ssh account authorized_keys. But that seems like an undesirable bodge to me. Thanks, Ian. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
