Am Mittwoch, 21. September 2011 schrieb Michal Hrusecky:
Stephan Kulow - 10:53 21.09.11 wrote:
Am Mittwoch, 21. September 2011 schrieb Michal Hrusecky:
What is login.opensuse.org and how it works? Strange question, but is it documented somewhere? And isn't it just another iChain instance? AFAIK
No, it's our own implementation.
Ok, so it is our own implementation of something like iChain, nonstandard and undocumented? Sounds great :-D No, it's apache doing basic auth and a proxy caching the session. http://www.gitorious.org/opensuse/apache-mod_auth_memcookie
Connect is behind some proxy that provides authentication which is impossible (or at least hard) to do on servers hosted out of our internal network. So if we are going to move some services out of Provo,
connect is behind login.opensuse.org, yes. And there is no reason why the authenification can't stay behind login.opensuse.org if the real traffic is then directly to the hoster.
We can then later switch from ldap auth to connect auth, but for now I consider it a major regression if I need different accounts for different openSUSE services.
Interesting point from this response is, the LDAP you are talking about, I guess we don't have access to it, right? It would make things much simpler.
I'm talking about the novell account LDAP, yes. and login.oo is the only host that has access to it - and all other hosts have no access to the password, which is a very big adventage. I'm not argueing that openid doesn't have the same advantage, but openid is a completely different beast and "getting rid of ichain" doesn't translate to "use openid" to me.
Do we have control over login.opensuse.org? One of the issues with
As I said: it's our own.
iChain is that whenever we need something, it has to go through Provo. Yes, but provo ichain we only use for stuff hosted in provo right now. Wiki and bugzilla basically.
Other reason is that whenever we want to set up new website (if we want to update bugzilla, mediawiki, if we decide that we want something else) we need to create/maintain iChain authentication plugin while openID is widely supported. With login.opensuse.org, just name would change from iChain to login.opensuse.org. And if we will be setting up new infrastructure, I think it would be a good opportunity to get rid of some legacy technologies we have around. If we would get our hands on that LDAP, we could just setup Connect to use it and provide openID fro everybody else. So same login/password, just different way...
Yes, connect can be the openid provider, but it can still authenficate against login.opensuse.org aka ichain creditionals. login.opensuse.org can be the openid provider itself too I guess, but having it in connect makes future changes easier. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org