Hooking into account system for web auth

Jesse Keating jkeating at redhat.com
Wed Nov 22 21:53:38 UTC 2006 

On Tuesday 21 November 2006 20:34, Elliot Lee wrote:
> I think that works within the context of Fedora as a whole, but  
> moving into hosted territory means you have to adopt more of a  
> sourceforge mentality, where your job is to give as much control as  
> possible to the project owner, and let them make decisions such as  
> who can participate. In order to let each project owner make access  
> decisions independantly, you would need a separate account.

I'm still not so sure you would.  For a source repo, there would be a new 
group, and the existing user who is the admin for a project would be made the 
admin of this group.  (S)He could then approve/deny requests to join the 
source group for write access.

> It sounds like trac has some 'webadmin' thing for controlling  
> people's access - I think it's a bad idea to go with that. Properly  
> tying trac into the Fedora account system means making it so that  
> full control of both authentication & authorization is done through  
> the FAS. In the long run, it'll be a lot nicer to be able to go to  
> one place to control people's access levels for everything. (Not to  
> say that FAS v1 is the right way to do it, just suggesting a good  
> goal  for the future :)

This _may_ be possible in the future, however the only real authorization that 
we need to set in Trac is the initial admin.  The trac webadmin is mostly for 
setting up urls and project summaries, and ticket components, milestones, 
etc..  All of this is highly trac instance specific.  There _is_ some 
management of who can open/close bugs I do believe, and who is a default 
owner of bugs, but again its all instance specific.  I think for the first 
instance of Fedora Hosted Projects this would be perfectly serviceable and if 
problems arise we can look at fixing them, or more tightly integrating trac 
with FAS v2 for Fedora Hosted Projects v2.

-- 
Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20061122/243d3c41/attachment.bin

More information about the infrastructure mailing list