Hi Alec,

On Mon, 18 May 2020 18:42:24 -0700 Alec Warner wrote:

>TL;DR: What if we launched id.gentoo.org, an identity provider that
>provides authentication for Gentoo properties? Basically, 1 username /
>password for wiki, bugs, email, forums, and any other http
>service[0][1].
>
>Today Gentoo has numerous systems that mostly work in a segmented way.
>
> - To connect to hosts, we use ssh keys.
> - Git is authenticated via ssh keys.
> - Email uses LDAP passwords.
> - Bugzilla has its own identities, with their own passwords.
> - Wiki is separate, with its own passwords.
> - Forums are separate.
> - Infra has an additional 4 systems that use separate credentials.
>
>Some applications support 2FA (such as wiki.)
>Some applications do not support 2FA.
>Applications that require 2FA have a configuration for each app, so you
>have N configurations.
>
>If we configured id.gentoo.org you would have 1 identity across all
>gentoo properties.
>
>Is this a thing people are interested in?
>
>[0] It's unlikely operations for git via ssh would change in this
>rollout.
>[1] It's unclear if the scope is "gentoo developers" or "any
>community member." The former have LDAP accounts and @gentoo.org email
>addresses and so we can manage them easily; managing 1000s of other
>accounts in the IDP remains to be seen.

In case 2FA won't be mandatory I find this a good idea.

Kind regards
--
Lars Wendler
Gentoo package maintainer
GPG: 21CC CF02 4586 0A07 ED93 9F68 498F E765 960E 9B39