-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 https://fedorahosted.org/pulp/wiki/RepoAuth
That has both the requirements and design proposal. The majority of the design consists of things we know how to solve: accepting certs through the API, storing them on the Pulp server, and the auth handler framework. The biggest question is how do we know if auth should be applied to a repo. In RHUI, it's simple: all repos are authenticated. In Pulp, we need to check on a per repo basis not only if they are authenticated, but what the scheme[1] and credentials are. That's covered by the last section "Detection" and the big issue there is not crushing our performance in the process. So please make sure you give that section some thought and let me know if you have better ideas. [1] For now, our needs are to mimic CDN's OID validation. I don't see normal Pulp users wanting to have to deal with using Red Hat's OID schema, so ultimately I think we'll want to have some flexibility in letting the admin decide what sort of validation scheme is used on a per repo basis. The auth handler framework should largely support this now, so otherwise I'm just taking the approach of "we'll get to this when we have time." - -- Jay Dobies RHCE# 805008743336126 Freenode: jdob http://pulpproject.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNgmyHAAoJEOMmcTqOSQHCIn8H/io2nSUxIMsiVDU1XfdI3LH9 iJRW8N+mSF9HexygQYVXE+EBmV8EhkBM3YRgkBekooXuPz8LWgLo6a+C7W4zp2up NjpGFXaiLRY+eajRwbOF3PBDz6foU8Sr0xboZDoet+7Ctze8XyaF1qdH6v7zaa1Q ma72I/PmsIabMYXriJGJBQJxLCZfc2XtO36EJU4sR9NVlFw3ayN2bOFhM7DwYRVD XlDHTV5f1reVy2ioHHMQGFy50LfVOwxTiPQxFAkU8bz+wUbZA5ECJOPovL9pxPZe dwBOFaSC+7vM2wjZvWMHKPVtWq5KSimhLj9Q9iLyZDP89AA2qAJyZ8kiBiF1Hx8= =pzRK -----END PGP SIGNATURE----- _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
