[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pulp-list] Repo Auth Requirements and Design

On 03/25/2011 08:41 AM, Todd B Sanders wrote:
On 03/25/2011 08:27 AM, Bryan Kearney wrote:
On 03/23/2011 04:28 PM, Jay Dobies wrote:
Hash: SHA1


I updated the doc given today's discussions.

In short, there will be two granularities of repo auth.
- - Individual, which is what the original design covered, that allows
credentials to be specified on a per-repo basis. "Repo X is protected
but Repo Y isn't."
- - Global, which secures *all* repos under a single set of credentials
defined at the Pulp level instead of the repo level. "I have 30 repos
and I want to secure access to everything, and it'd be cumbersome to add
the credentials to each repo individually."

Do I need to add requirements to candlepin to support the global case?
We only support the individual case right now. (Unless you create a
product which is "everything". That is how IT does it today, they have
a special cert which has a content set which is "/".

-- bk

Pulp-list mailing list
Pulp-list redhat com

This shouldn't effect Candlepin. The global setting is just short-hand
for securing the publishing of repos from the Pulp server; allows us to
use the same certificate-bundle for auth for all repos on the Pulp
server (think CDN). This is actually in support of Kalpana; as all repos
will require a Candlepin generated entitlement certificate (even custom
products). Doesn't Candlepin assume a single cert bundle for all
entitlement certificates that it issues?


A single CA, yes.

-- bk

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]