On 7/31/19 12:16 PM, Björn Persson wrote:
Fabio Valentini wrote:
> You can add your "kerberos account" to GNOME online accounts once, and
> it will automatically renew tickets for you.
> This way you'll never have to type your FAS password (or run kinit)
> for this again.
First, I don't use Gnome 3 because a software engineer's workstation has
other needs than a hand-held Facebook terminal.
Did you really have to include this? A simple 'I'm sorry, I don't use
Gnome' would have been fine...
Second, As I understand what I've been told about Gnome Online Accounts,
it would keep me constantly logged in to Fedora servers as long as I'm
logged in to my workstation. That's appropriate for a corporate network
or a university campus, which I suppose is what Kerberos is designed
for. It's not appropriate for a project that I sometimes contribute to
when I have time and when something needs doing.
Fedora needs an authentication method that authenticates on demand, not
proactively, using a keyring that isn't tied to a single desktop.
Things are moving (all be it slowly) toward OIDC.
Sorry they are all over the place right now...