Hi, I'm attempting to hack on summit this weekend, and need to clear up some confusion after having reviewed the recent Debian SSO work and in particular this bit: “The web password is one way of logging into Debian's single sign-on system. There may be other ways (such as via Alioth) deployed in the future. Unfortunately this means that at the moment only Debian Developers can authenticate using single signon.”¹ Also this bit: “Agenda • add Alioth LDAP backend for identifying users”² … so in other words I, for example, wouldn't be able to login with my Alioth account 'gturner-guest'. Too bad because I was hoping to wire in LDAP via python-django-auth-ldap which would be easier for me as I'm sort of a kooky paranoid web auth hater :P So maybe I'm getting it wrong - via OAuth2 are we supposed to allow any old Google/Facebook/whatever account to register for DC14? For some reason I was on the track that having an Alioth account was required (perhaps for export/processing registration data downstream). ¹ https://wiki.debian.org/DebianSingleSignOn ² https://wiki.debian.org/Sprints/2014/SSOSprint -- Gerald Turner <gturner@unzane.com> Encrypted mail preferred! OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
Attachment:
pgp4owGS7TM7A.pgp
Description: PGP signature