On Wed, Mar 3, 2021 at 6:12 PM Kevin Fenzi <[email protected]> wrote: > > On Wed, Mar 03, 2021 at 05:26:46PM -0500, Neal Gompa wrote: > > On Wed, Mar 3, 2021, 5:13 PM Matthew Miller <[email protected]> > > wrote: > > > > > On Wed, Mar 03, 2021 at 01:53:28PM -0800, Kevin Fenzi wrote: > > > > 4) We could add some kind of GSSAPI/Kerberos support to pagure, so > > > > people could use https and a kerberos ticket. > > > > > > What's amount of effort required for this option? Because other than "it > > > might be a lot of work", it seems ideal, and would resolve a lot of other > > > cases where it's an extra step to have to configure an access token for > > > pagure. But "it might be a lot of work" is a pretty big con. > > > > > > If the answer is "yeah, it's a lot", I vote for whichever other option > > > makes > > > this a logical next step when there is time to do such work. > > > > > > > I don't think it would be that hard anymore. Recently, Pagure changed to > > proxy and handle Git via HTTPS, meaning that we can do whatever we want to > > authenticate pulls and pushes. > > Except this doesn't work currently for src.fedoraproject.org pagure, as > the OIDC tokens take over. :( >
Yeah, we need to fix this somehow. But it shouldn't be too hard, I think? We already have this setup for pagure.io... > > Ideally, we'd support it as a full login backend, so that logins this way > > would also generate accounts automatically. > > As long as those were pagure accounts, sure. > We don't want real system accounts. :) > Of course! These would be Pagure accounts, not Linux system accounts. > > We do have a ticket for GSSAPI for Git+HTTPS: > > https://pagure.io/pagure/issue/4995 > > Yeah, perhaps mod_auth_gssapi would be a short way to this. > > kevin > _______________________________________________ > infrastructure mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
