www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: Centralised authentication/authorisation
Date Mon, 15 Dec 2008 17:00:05 GMT
Tony Stevenson wrote:

>> What is your definition of "core-services"?
> As stated a few times the basic we want to support, intially at least, 
> are SVN and shell access to people.a.o

Fair enough.

Let me explain better where I am coming from. When you have an LDAP 
server, you inherit a support burden, which is completely independent of 
what you want to use the LDAP server for.

Key things are how the data ends up in the LDAP server in the first 
place, how people are able to manage their passwords without the schlepp 
of having to log into p.a.o and use a protocol they may or may not be 
familiar with.

I have spent a good 18 months solving this particular problem, with a 
combination of additional features to httpd, and some small web based 
apps that were designed for this purpose. What I am offering is that I 
set up this up for you, and in the process potentially remove the 
problems of password management and distribution, and other future 
problems such as new user account creation.

No, we don't have to set this up right now.

I am however throwing this suggestion into the ring now, so that people 
are aware this work exists, and in an effort to ensure no wheels are 
reinvented unnecessarily.

> Anything other than that will fall into a following phase of the 
> deployment. I don't think we could sustain a big-bang cut over to LDAP 
> for all public services from day 1.

Obviously, I was not proposing any kind of big bang cutover of anything. 
Any cutover should happen in a leisurely controlled fashion, as people 
are comfortable with doing so, and as confidence grows in the stability 
of the service.


View raw message