This library seems to support PAM integration in Ruby:
https://github.com/canweriotnow/rpam-ruby19
Em 16-05-2012 12:18, Rodrigo Rosenfeld Rosas escreveu:
Em 16-05-2012 11:59, caruccio escreveu:
You are right. There is no "this is more/less standard than that".
But, when talking about something so basic, so widespread and common,
like authentication, for me (and that is my personal opinion) seams
much more logic to start implementing the common-case.
LDAP, and this is a fact, is not as common as passwd authentication,
so I'd start by authenticating local users, then moving to PAM, LDAP
and database authentication. It's just a point of increasing complexity.
This is the first time I see someone requesting for PAM authentication
in this list. In the other side there was a number of requests for
LDAP support before it was implemented. So I don't understand why you
think PAM is more common than LDAP.
If you also take a look at other projects, there are a number of them
that do support LDAP, but I can't remember of an open-source web
application that is integrated to PAM.
I'm pretty sure that if you tell us what would be required to
integrate to PAM, someone could be interested on doing so. People here
know about Ruby, but not about PAM. If you know about PAM, but not
about Ruby, explaining how it works in implementation level detailed
requirements, I guess that would make this effort happen.
Of course I can do it myself, or pay someone at gitorious.org to do
it for me,
I said gitorious,com, not gitorious.org.
but hey, this is internet! Probably someone, somewhere has done it
already by simple pleasure (as I did before in other's projects). Why
not reuse?
Show us some open-source Ruby application that already integrates to
PAM and we could try to make it happen on Gitorious as well :)
Cheers,
Rodrigo.
On Wednesday, May 16, 2012 11:41:56 AM UTC-3, Rodrigo Rosenfeld Rosas
wrote:
I'd argument that LDAP is as standard as PAM. I don't understand
why you think that PAM is more "standard" than LDAP.
It is pretty common practice to re-enter the authentication
settings on each system you are integrating, just like it happens
on Redmine, ChiliProject and all other web systems I know about.
I don't consider this a duplication in the same sense when we
talk about programming.
You can consider writing a Chef recipe that will set up your
server for you. That way you would enter the credential settings
in a single place and your chef recipe would replicate them to
each configured application.
But the most important thing is that this is no valid argument
for not using an application just because it doesn't integrate to
PAM IMO.
That is why I'm wishing you good luck on trying to convince
someone to add support to PAM authentication for free just to
make you happy.
You can also try hire the Gitorious company to integrate it to PAM:
http://gitorious.com/
That would be more likely to work if this is so important to you.
Kind regards,
Rodrigo.
Em 16-05-2012 11:23, caruccio escreveu:
All my software already integrate fine because I use PAM as my
"auth gateway".
What I'm trying to point out is that gitorious could have a more
"standard" authentication module, like PAM, out of the box
(please note it's not a demand, only an observation).
On Wednesday, May 16, 2012 11:07:56 AM UTC-3, Rodrigo Rosenfeld
Rosas wrote:
Then I wish you luck on any software with authentication
that you intend to integrate to your server.
Em 16-05-2012 10:54, caruccio escreveu:
Can I use (import) my existing LDAP configuration into
gitorious automatically?
If not, it will be duplicated: one in /etc/ldap.conf and
another in authentication.yml
I mean, two files with same information is redundant
information (not good).
On Wednesday, May 16, 2012 9:25:25 AM UTC-3, Sebastian
Otaegui wrote:
How is authenticating directly against ldap duplicated
configuration?
On Wed, May 16, 2012 at 7:16 AM, caruccio
<[email protected] <mailto:[email protected]>> wrote:
Because the machine already authenticates against
LDAP (via PAM), and our IT do not accept duplicated
configuration for the simple purpose of
authentication (what makes sense for me).
I really want to use gitorious and become freed of
manual git management.
Last week I almost did a 'rm -r * module' (note an
extra space between '*' and 'module') on our entire
repository.
On Tuesday, May 15, 2012 4:18:20 PM UTC-3, caruccio
wrote:
Hello everybody.
Sorry for my just-joined-and-start-posting
behavior, but that was really necessary :(
Long story short: I need to authenticate my
gitorious web clients against local unix users
(in fact, it uses LDAP/PAM).
Is it possible? Where can I find help on this
topic?
That LDAPAuthenticator is not enough. My IT
department is all about 'internal policies' and
I need to fit their requirements.
PS: I'm completely illiterate in ruby. Maybe
it's time to learn some .rb :P
Thanks for any help,
Mateus Caruccio
--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
