[Systems] [Systems-logs] [DNS] Sugar Labs DNS zone data branch, master, updated. 8f472af67a1177a9644675b1fd2c2af7dff2e77a

[Bernie Innocenti]

On 09/19/11 14:31, Stefan Unterhauser wrote:
>        Because SSL is such a mess, we need a separate IPv4 address for
>     the client
>        certificate based OpenID provider. SSL/TLS renegotation does not
>     work well
>        enough and enabling client certificates (even optional) on a
>     shared host would
>        lead to a bad user experience (some browsers pop up dialogs
>     asking the user to
>        choose the certificate even if none exists).
> 
>        identity will be a VM on treehouse hosting the client certificate
>     based OpenID
>        provider.
> 
> 
> think it is better to set up this vm on housetree ... have there already
> a debian squeeze template
> ... wiki.sugarlabs.org/go/Machine/template-squeeze
> <http://wiki.sugarlabs.org/go/Machine/template-squeeze>

Three more questions for Silbe:

1. will this OpenID server also authenticate users against LDAP? Or CAS?
I think we  we should try to consolidate on fewer users' databases as
possible.

2. Couldn't we allocate an extra IP on sunjammer?

3. Does the OpenID server support you intend to deploy support multiple
domains? I currently use both id.sugarlabs.org and id.codewiz.org.

-- 
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team