| 1 |
On 18-05-2020 18:42:24 -0700, Alec Warner wrote: |
| 2 |
> TL;DR: What if we launched id.gentoo.org[1], an identity provider that provides |
| 3 |
> authentication for Gentoo properties? Basically, 1 username / password for wiki, |
| 4 |
> bugs, email, forums, and any other http service[0][1]. |
| 5 |
|
| 6 |
I'd be in favour of SSO for all http-, imap- and smtp-based Gentoo services. |
| 7 |
|
| 8 |
Thanks, |
| 9 |
Fabian |
| 10 |
|
| 11 |
> |
| 12 |
> Today Gentoo has numerous systems that mostly work in a segmented way. |
| 13 |
> |
| 14 |
> - To connect to hosts, we use ssh keys. |
| 15 |
> - Git is authenticated via ssh keys. |
| 16 |
> - Email uses LDAP passwords. |
| 17 |
> - Bugzilla has its own identities, with their own passwords. |
| 18 |
> - Wiki is separate, with its own passwords. |
| 19 |
> - Forums are separate. |
| 20 |
> - Infra has an additional 4 systems that use separate credentials. |
| 21 |
> |
| 22 |
> Some applications support 2FA (such as wiki.) |
| 23 |
> Some applications do not support 2FA. |
| 24 |
> Applications that require 2FA have a configuration for each app, so you have N |
| 25 |
> configurations. |
| 26 |
> |
| 27 |
> If we configured id.gentoo.org[2] you would have 1 identity across all gentoo |
| 28 |
> properties. |
| 29 |
> |
| 30 |
> Is this a thing people are interested in? |
| 31 |
> |
| 32 |
> [0] It's unlikely operations for git via ssh would change in this rollout. |
| 33 |
> [1] Its unclear if the scope is "gentoo developers" or "any community member." |
| 34 |
> The former have LDAP accounts and @gentoo.org[3] email addresses and so we can |
| 35 |
> manage them easily; managing 1000s of other accounts in the IDP remains to be |
| 36 |
> seem. |
| 37 |
> |
| 38 |
> |
| 39 |
> References |
| 40 |
> 1. http://id.gentoo.org |
| 41 |
> 2. http://id.gentoo.org |
| 42 |
> 3. http://gentoo.org |
| 43 |
|
| 44 |
-- |
| 45 |
Fabian Groffen |
| 46 |
Gentoo on a different level |
Archives