Locking Down Access to Beaker

Nick Coghlan ncoghlan at redhat.com
Mon Dec 2 01:42:26 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/22/2013 04:26 AM, Tim Flink wrote:
> After a conversation with infra, we decided to lock down access to 
> beaker.fedoraproject.org by IP address until we have a more secure 
> solution for logins [1].
> 
> I've changed the server configuration so that access to beaker is
> only allowed from certain IPs. I think that most current users
> should be included in this list but if you're seeing 403s and think
> you should have access to beaker.fedoraproject.org, please let me
> know.
> 
> Sorry for the inconvenience, we hope to have an alternate access
> method soon.

A status update from the Beaker side:

- - Beaker 0.16 will salt passwords properly, so the default password
based auth will be more suitable for the big bad world of the
internet. 0.16 is currently expected to land sometime in late January
(unfortunately, fixing it properly needed a DB schema change for the
password storage, which ruled out the idea of fixing it in a
maintenance release).

- - I'm giving a talk on Beaker at the continuous integration miniconf
at LCA in Perth (Jan 6-10), so it would be nice to have at least
read-only anonymous access from the wider internet by then. It's not a
big drama if it isn't (I'll have a demo instance set up on my laptop
regardless), but being able to suggest people take a look at a real
installation would be a nice bonus :)

Cheers,
Nick.

- -- 
Nick Coghlan
Red Hat Hosted & Shared Services
Software Engineering & Development, Brisbane

Testing Solutions Team Lead
Beaker Development Lead (http://beaker-project.org/)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSm+WCAAoJEHEkJo9fMO/LanUIAKZ79E2Lj4ANEHdXQ625V9Fo
hn3uGzuYubomfYzAHGPNQb7GIY68W7GgdlXxQ0AZurNjo2Wwhfi/342yh9un7d7K
jCEV7mHWxFSOYXNEA6hDSNtirFEOJUUNn6pdNSd3W1WeTOyoNch422DDrnLkbScQ
CNLCDuSd9PoXW/hyu7H3jC+fGQLCvjQLgP0A9pTAPrVlUIuDojUz/b9jAz1PhFUA
BeBL9dJESof3abNQIzkiRX9GUzNcxCJtKPSsWCuOEZe13b457NLDOfUaaFe5BS4J
kXEbibKUS4lTwLnR3VYyiFXTSa1fvR+cqNI7zcNCsbqwZWKHNSElCDHlVla6YqU=
=CAED
-----END PGP SIGNATURE-----

More information about the qa-devel mailing list