Re: Single Sign On for Debian
On Tue, 22 Aug 2017 18:10:39 +0200
Geert Stappers <firstname.lastname@example.org> wrote:
> On Tue, Aug 22, 2017 at 04:29:49PM +0200, gregor herrmann wrote:
> > On Tue, 22 Aug 2017 09:45:10 +0200, Alexander Wirt wrote:
> > > Specifially one LDAP (db.d.o.) Backend and one Oauth2 (gitlab) Backend?
> > [...]
This seems like backward thinking to me.
> Thing that I hope is that Alioth successors will have the various services
> on separate machines. So that we have not again the situation when replacing
> a Source Code Management system we also have to replace the machine
> with all the -guest accounts.
I whole heartedly agree! One of the current challenges with replacing Alioth is
because of how many services it's providing. If Alioth were not being used for
guest accounts, this wouldn't even be a discussion.
Using Gitlab (or any VCS) as the user db for guest accounts means adding a
dependency that could block future upgrades... kinda like now. This is not a
future-proof design and will come at a future cost.
I'm happy to help implement an SSO solution that Gitlab is capable of using,
but I argue against using Gitlab as a future user database.
Side note... I got cert-based SSO working on https://gitea.debian.net/. It
actually ended up being pretty easy and kinda fun. I have a ticket with
upstream to support populating the email address, but that'll be a while.