Certs

Toshio Kuratomi a.badger at gmail.com
Tue Feb 13 22:36:54 UTC 2007


On Tue, 2007-02-13 at 15:36 -0600, Matt Domsch wrote:
> On Tue, Feb 13, 2007 at 11:29:35AM -0600, Mike McGrath wrote:
> > I'm going to buy some certs.
> > 
> > admin.fedoraproject.org
> > fedoraproject.org
> > hosted.fedoraproject.org
> > cvs.fedoraproject.org
> > 
> > Can anyone else think of any we need?  I'm debating 
> > cvs.fedoraproject.org because in a few months that might not make sense.
> 
> mirrormanager.fedoraproject.org will soonish.
> 
> Anything stand-alone that authenticates to the FAS will so we aren't passing those
> passwords across the web plaintext.  Toshio wondered if we would be
> running all those apps off of admin.fp.o as subdirectories
> (e.g. admin.fp.o/mirrormanager) so we could avoid the need for more
> DNS names and more certs.  Doesn't matter to me for mirrormanager
> alone, but chances are we will outgrow one machine for all the tools
> that may want to authenticate to the FAS.

We can ProxyPass out to other machines if we need the resources (The
pkgdb is accessible from admin.fedoraproject.org/pkgdb but it resides on
the internal test3.fedora.phx.redhat.com xen guest.)  Although it might
be better to simply use the load balancers to spread the requests for
the apps to several servers.  (The dynamic information is all kept in a
networked database, after all.)

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20070213/0ecfc7e6/attachment.sig>


More information about the Fedora-infrastructure-list mailing list