Excerpts from Dan Callaghan's message of 2017-02-01 03:17 +10:00: > Now that we have Kerberos for Fedora infrastructure, I would like to > switch beaker.qa.fedoraproject.org to use mod_auth_kerb (Kerberos) > instead of mod_auth_mellon (SAML). > > This will also give us working authentication for the bkr CLI, which > helps with automated job submission. > > Any objections to this?
So Patrick explained to me on IRC that they do not want to expand Kerberos into other services, and (more importantly) they are unwilling to allow Beaker to query the corresponding LDAP directory which would be needed for user lookups. As an alternative Patrick has supplied a patch to support Oauth2 bearer tokens for authentication in the bkr CLI, which I will work on getting into the next Beaker release. Once that is done and deployed on beaker.qa.fedoraproject.org we should finally have a way to submit jobs unattended using the CLI. -- Dan Callaghan <dcall...@redhat.com> Senior Software Engineer, Products & Technologies Operations Red Hat
signature.asc
Description: PGP signature
_______________________________________________ qa-devel mailing list -- qa-devel@lists.fedoraproject.org To unsubscribe send an email to qa-devel-le...@lists.fedoraproject.org
