You are right. There is no "this is more/less standard than that". But, when talking about something so basic, so widespread and common, like authentication, for me (and that is my personal opinion) seams much more logic to start implementing the common-case.
LDAP, and this is a fact, is not as common as passwd authentication, so I'd start by authenticating local users, then moving to PAM, LDAP and database authentication. It's just a point of increasing complexity. Of course I can do it myself, or pay someone at gitorious.org to do it for me, but hey, this is internet! Probably someone, somewhere has done it already by simple pleasure (as I did before in other's projects). Why not reuse? On Wednesday, May 16, 2012 11:41:56 AM UTC-3, Rodrigo Rosenfeld Rosas wrote: > > I'd argument that LDAP is as standard as PAM. I don't understand why you > think that PAM is more "standard" than LDAP. > > It is pretty common practice to re-enter the authentication settings on > each system you are integrating, just like it happens on Redmine, > ChiliProject and all other web systems I know about. > > I don't consider this a duplication in the same sense when we talk about > programming. > > You can consider writing a Chef recipe that will set up your server for > you. That way you would enter the credential settings in a single place and > your chef recipe would replicate them to each configured application. > > But the most important thing is that this is no valid argument for not > using an application just because it doesn't integrate to PAM IMO. > > That is why I'm wishing you good luck on trying to convince someone to add > support to PAM authentication for free just to make you happy. > > You can also try hire the Gitorious company to integrate it to PAM: > > http://gitorious.com/ > > That would be more likely to work if this is so important to you. > > Kind regards, > Rodrigo. > > Em 16-05-2012 11:23, caruccio escreveu: > > All my software already integrate fine because I use PAM as my "auth > gateway". > > What I'm trying to point out is that gitorious could have a more > "standard" authentication module, like PAM, out of the box (please note > it's not a demand, only an observation). > > > > On Wednesday, May 16, 2012 11:07:56 AM UTC-3, Rodrigo Rosenfeld Rosas > wrote: >> >> Then I wish you luck on any software with authentication that you intend >> to integrate to your server. >> >> Em 16-05-2012 10:54, caruccio escreveu: >> >> Can I use (import) my existing LDAP configuration into gitorious >> automatically? >> If not, it will be duplicated: one in /etc/ldap.conf and another >> in authentication.yml >> I mean, two files with same information is redundant information (not >> good). >> >> On Wednesday, May 16, 2012 9:25:25 AM UTC-3, Sebastian Otaegui wrote: >>> >>> How is authenticating directly against ldap duplicated configuration? >>> >>> >>> On Wed, May 16, 2012 at 7:16 AM, caruccio >>> <[email protected]<[email protected]> >>> > wrote: >>> >>>> Because the machine already authenticates against LDAP (via PAM), and >>>> our IT do not accept duplicated configuration for the simple purpose of >>>> authentication (what makes sense for me). >>>> >>>> I really want to use gitorious and become freed of manual git >>>> management. >>>> Last week I almost did a 'rm -r * module' (note an extra space between >>>> '*' and 'module') on our entire repository. >>>> >>>> >>>> >>>> >>>> On Tuesday, May 15, 2012 4:18:20 PM UTC-3, caruccio wrote: >>>> >>>>> Hello everybody. >>>>> >>>>> Sorry for my just-joined-and-start-posting behavior, but that was >>>>> really necessary :( >>>>> >>>>> Long story short: I need to authenticate my gitorious web clients >>>>> against local unix users (in fact, it uses LDAP/PAM). >>>>> >>>>> Is it possible? Where can I find help on this topic? >>>>> That LDAPAuthenticator is not enough. My IT department is all about >>>>> 'internal policies' and I need to fit their requirements. >>>>> >>>>> PS: I'm completely illiterate in ruby. Maybe it's time to learn some >>>>> .rb :P >>>>> >>>>> Thanks for any help, >>>>> Mateus Caruccio >>>>> >>>> >>>> > -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected]
