Tue, 19 May 2020 at 09:47, Michał Górny <mgo...@gentoo.org>:
>
> On Mon, 2020-05-18 at 18:42 -0700, Alec Warner wrote:
> > TL;DR: What if we launched id.gentoo.org, an identity provider that
> > provides authentication for Gentoo properties? Basically, 1 username /
> > password for wiki, bugs, email, forums, and any other http service[0][1].
> >
> > Today Gentoo has numerous systems that mostly work in a segmented way.
> >
> > - To connect to hosts, we use ssh keys.
> > - Git is authenticated via ssh keys.
> > - Email uses LDAP passwords.
> > - Bugzilla has its own identities, with their own passwords.
> > - Wiki is separate, with its own passwords.
> > - Forums are separate.
> > - Infra has an additional 4 systems that use separate credentials.
> >
> > Some applications support 2FA (such as wiki.)
> > Some applications do not support 2FA.
> > Applications that require 2FA have a configuration for each app, so you
> > have N configurations.
> >
> > If we configured id.gentoo.org you would have 1 identity across all gentoo
> > properties.
> >
> > Is this a thing people are interested in?
> >
>
> What a coincidence I've just archived our old identity.gentoo.org [1]
> project. And yes, we almost had this back in 2013 but Infra failed to
> deploy, and it was claimed obsolete by the time I joined Infra.
>
> Do you have any specific solution in mind?
>
> [1] https://gitweb.gentoo.org/archive/proj/identity.gentoo.org.git/
>
>
> --
> Best regards,
> Michał Górny
>

Hi there.

Maybe better to try something already stable, like KeyCloak [1]? Seems all that you need (OpenID, LDAP, SAML2, external Identity Providers via OpenID) is already implemented.

[1] https://www.keycloak.org/

--
From Siberia with Love!