[Systems] [Systems-logs] [DNS] Sugar Labs DNS zone data branch, master, updated. 8f472af67a1177a9644675b1fd2c2af7dff2e77a

Bernie Innocenti bernie at sugarlabs.org
Mon Sep 19 21:44:12 EDT 2011

On 09/19/11 14:31, Stefan Unterhauser wrote:
>        Because SSL is such a mess, we need a separate IPv4 address for
>     the client
>        certificate based OpenID provider. SSL/TLS renegotation does not
>     work well
>        enough and enabling client certificates (even optional) on a
>     shared host would
>        lead to a bad user experience (some browsers pop up dialogs
>     asking the user to
>        choose the certificate even if none exists).
>        identity will be a VM on treehouse hosting the client certificate
>     based OpenID
>        provider.
> think it is better to set up this vm on housetree ... have there already
> a debian squeeze template
> ... wiki.sugarlabs.org/go/Machine/template-squeeze
> <http://wiki.sugarlabs.org/go/Machine/template-squeeze>

Three more questions for Silbe:

1. will this OpenID server also authenticate users against LDAP? Or CAS?
I think we  we should try to consolidate on fewer users' databases as

2. Couldn't we allocate an extra IP on sunjammer?

3. Does the OpenID server support you intend to deploy support multiple
domains? I currently use both id.sugarlabs.org and id.codewiz.org.

Bernie Innocenti
Sugar Labs Infrastructure Team

More information about the Systems mailing list