
Re: [Pulp-list] Repo Auth Requirements and Design



On 03/25/2011 08:27 AM, Bryan Kearney wrote:
On 03/23/2011 04:28 PM, Jay Dobies wrote:

https://fedorahosted.org/pulp/wiki/RepoAuth

I updated the doc given today's discussions.

In short, there will be two granularities of repo auth.
- Individual, which is what the original design covered, that allows
credentials to be specified on a per-repo basis. "Repo X is protected
but Repo Y isn't."
- Global, which secures *all* repos under a single set of credentials
defined at the Pulp level instead of the repo level. "I have 30 repos
and I want to secure access to everything, and it'd be cumbersome to add
the credentials to each repo individually."


Do I need to add requirements to candlepin to support the global case? We only support the individual case right now. (Unless you create a product which is "everything". That is how IT does it today, they have a special cert which has a content set which is "/".)

-- bk


This shouldn't affect Candlepin. The global setting is just short-hand for securing the publishing of repos from the Pulp server; it allows us to use the same certificate-bundle for auth for all repos on the Pulp server (think CDN). This is actually in support of Kalpana, as all repos will require a Candlepin-generated entitlement certificate (even custom products). Doesn't Candlepin assume a single cert bundle for all entitlement certificates that it issues?

-Todd


