Mailinglist Archive: opensuse-features (291 mails)

< Previous Next >
[openFATE 309070] Allow authentification against remote http server
  • From: fate_noreply@xxxxxxx
  • Date: Wed, 19 May 2010 15:02:03 +0200 (CEST)
  • Message-id: <feature-309070-5@xxxxxxxxxxxxxx>
Feature changed by: Adrian Schröter (adrianSuSE)
Feature #309070, revision 5
Title: Allow authentification against remote http server

Buildservice: Evaluation
Priority
Requester: Important
Projectmanager: Desirable

Requested by: Adrian Schröter (adriansuse)
Developer: (Novell)
Developer: (Novell)

Description:
Implement authentification plugin for api which allows authentification
against remote http web server.
This may need changes in session handling.
We want to use this plugin and setup for opensuse.org and connect api.o.
o and build.o.o directly to internet without iChain proxy.

Discussion:
#1: Adrian Schröter (adriansuse) (2010-02-23 12:06:04)
Tom, we need your expertise here, what is possible with rails and what
makes sense.

#2: Thomas Schmidt (digitaltomm) (2010-02-24 18:22:49) (reply to #1)
This is possible for the api by modularizing our login (ldap, db,
opensuse-auth) methods. But the auth server would have to be able to
authenticate the users password with the novell ldap, we are usually
not allowed to do this.Session handling would be needed here to avoid
authenticating each request, and should be not much work.
For the communication between the webclient and the api we need a
secure way to tell the api that the user is already authenticated,
maybe with a secret key?
-  


#3: Jens Staal (staalmannen) (2010-02-24 23:57:09)
I know of a staging authorization server for the kernel (p9auth,
article found at: http://doi.acm.org/10.1145/1400097.1400101) which
apparently (at least on Plan9) deals with these issues (if I have
understood it correctly) in an encrypted way. This staging driver might
be kicked out in .34 due to low activity...which seems a pitty.
According to those smarter than me - this is a really interesting
approach to authorization (which even can make user/root obsolete if
there are private namespaces...but I have very little theoretical
knowledge of this).

+ #4: Adrian Schröter (adriansuse) (2010-05-19 15:02:06)
+ Not for 2.0 anymore, moving to 2.5.



--
openSUSE Feature:
https://features.opensuse.org/309070

< Previous Next >
This Thread
  • No further messages