
LDAP accounts for DMs



My dgit service would like every DM to have access to its restricted
ssh command on the new VM gideon.  This is a necessary condition for
providing DMs with dgit push access to their authorised packages.

(I seem to remember talking to various people about this before but I
can't remember who and I don't seem to have a record, so maybe it was
in person or on IRC.  So sorry if I'm repeating myself.)

As I understand it the correct way to implement this would be for DMs
to have accounts in LDAP.  (Presumably flagged in some appropriate way
so that they don't get more permissions than necessary.)

Is this something that DSA and DM-keyring are happy with ?  If so, how
can we make it happen ?

If this is not a good idea, or too hard, then I'm open to alternative
suggestions.  In the worst case I could set up some kind of robot
which would accept PGP-signed ssh keys, and ask DSA to fold its output
into the dgit service user's ssh account authorized_keys.  But that
seems like an undesirable bodge to me.

Thanks,
Ian.

