Re: Authentication in fedpkg
On Wed, Jul 31, 2019 at 3:46 PM Kevin Fenzi <kevin(a)scrye.com> wrote:
On 7/31/19 12:16 PM, Björn Persson wrote:
> Fabio Valentini wrote:
>> You can add your "kerberos account" to GNOME online accounts once,
and
>> it will automatically renew tickets for you.
>> This way you'll never have to type your FAS password (or run kinit)
>> for this again.
>
> First, I don't use Gnome 3 because a software engineer's workstation has
> other needs than a hand-held Facebook terminal.
Did you really have to include this? A simple 'I'm sorry, I don't use
Gnome' would have been fine...
>
> Second, As I understand what I've been told about Gnome Online Accounts,
> it would keep me constantly logged in to Fedora servers as long as I'm
> logged in to my workstation. That's appropriate for a corporate network
> or a university campus, which I suppose is what Kerberos is designed
> for. It's not appropriate for a project that I sometimes contribute to
> when I have time and when something needs doing.
>
> Fedora needs an authentication method that authenticates on demand, not
> proactively, using a keyring that isn't tied to a single desktop.
Things are moving (all be it slowly) toward OIDC.
Are we talking about OIDC like how Bodhi does it or like how fedpkg
https auth does it?
Because the latter is pretty difficult to use when you're in a server
environment. :(
Sorry they are all over the place right now...
We'll eventually get there...
--
真実はいつも一つ!/ Always, there's only one truth!