On 18-05-2020 18:42:24 -0700, Alec Warner wrote:
> TL;DR: What if we launched id.gentoo.org[1], an identity provider that provides
> authentication for Gentoo properties? Basically, 1 username / password for wiki,
> bugs, email, forums, and any other http service[0][1].

I'd be in favour of SSO for all http-, imap- and smtp-based Gentoo services.

Thanks,
Fabian

>
> Today Gentoo has numerous systems that mostly work in a segmented way.
>
> - To connect to hosts, we use ssh keys.
> - Git is authenticated via ssh keys.
> - Email uses LDAP passwords.
> - Bugzilla has its own identities, with their own passwords.
> - Wiki is separate, with its own passwords.
> - Forums are separate.
> - Infra has an additional 4 systems that use separate credentials.
>
> Some applications support 2FA (such as wiki.)
> Some applications do not support 2FA.
> Applications that require 2FA have a configuration for each app, so you have N
> configurations.
>
> If we configured id.gentoo.org[2] you would have 1 identity across all gentoo
> properties.
>
> Is this a thing people are interested in?
>
> [0] It's unlikely operations for git via ssh would change in this rollout.
> [1] It's unclear if the scope is "gentoo developers" or "any community member."
> The former have LDAP accounts and @gentoo.org[3] email addresses and so we can
> manage them easily; managing 1000s of other accounts in the IDP remains to be
> seen.
>
>
> References
> 1. http://id.gentoo.org
> 2. http://id.gentoo.org
> 3. http://gentoo.org

--
Fabian Groffen
Gentoo on a different level