[Systems] SL Central Login (was Re: [Systems-logs] [DNS] Sugar Labs DNS zone data branch, master, updated. 8f472af67a1177a9644675b1fd2c2af7dff2e77a)

Aleksey Lim alsroot at activitycentral.org
Tue Sep 20 08:42:47 EDT 2011


On Mon, Sep 19, 2011 at 09:44:12PM -0400, Bernie Innocenti wrote:
> On 09/19/11 14:31, Stefan Unterhauser wrote:
> >        Because SSL is such a mess, we need a separate IPv4 address for
> >     the client
> >        certificate based OpenID provider. SSL/TLS renegotation does not
> >     work well
> >        enough and enabling client certificates (even optional) on a
> >     shared host would
> >        lead to a bad user experience (some browsers pop up dialogs
> >     asking the user to
> >        choose the certificate even if none exists).
> > 
> >        identity will be a VM on treehouse hosting the client certificate
> >     based OpenID
> >        provider.
> > 
> > 
> > think it is better to set up this vm on housetree ... have there already
> > a debian squeeze template
> > ... wiki.sugarlabs.org/go/Machine/template-squeeze
> > <http://wiki.sugarlabs.org/go/Machine/template-squeeze>
> 
> Three more questions for Silbe:
> 
> 1. will this OpenID server also authenticate users against LDAP? Or CAS?
> I think we  we should try to consolidate on fewer users' databases as
> possible.

I think it will be useful to start settling down the question about
common SL login system, At least the system, Sweets[1], whose testing version
I'm hopping to publicly anounce this week, after trying to do that at
Sep 18, will require being authed to release new sofware versions within
this new system. For now it uses CAS on top of our LDAP but there are
several issues:

* to have LDAP record, people need to request for shell account (but
  there is no need in shell account for Sweets at all, only being
  authenticated)
* the process to create this account is not users friendly at all
  (email request to RT)

I guess we need to collect all info related to central login on, e.g., [2]
and have an infrastructure meeting to discuss how [2] might be
implemented.

[1] http://wiki.sugarlabs.org/go/Platform_Team/Sweets
[2] http://wiki.sugarlabs.org/go/Infrastructure_Team/Central_Login

-- 
Aleksey


More information about the Systems mailing list