communication #166580
openPlanning: Community Auth Replacement
0%
Description
Currently due to SUSE compliance requirements, community authentication is currently hosted by SUSE on the Univention Corporate Server (UCS). This has experienced a number of difficulties, especially around scaling and reliability.
SUSE at this time wants to rearchitect authentication and this gives us the ability for community to host authentication instead.
As the infra.opensuse.org group has recently moved from FreeIPA to Kanidm, Kanidm has been put forth as a candidate. Upstream is working on the needed missing parts that OpenSUSE community auth would require for this.
We have not considered other options - if people want to suggest alternatives, we'd like to know so we can compare them.
Otherwise, we would like to proceed with Kanidm as the service for community auth since it has been a really good experience so far for infra.opensuse.org.
Updated by firstyear about 2 months ago
Updated by crameleon about 2 months ago
- Related to tickets #159798: UCS and Suse decommission added
Updated by crameleon about 1 month ago
I'd be happy to work with Kanidm, but would it be useful to note features missing for our use case and to reference them to upstream issues? I know some of them by browsing the upstream tracker, but others might not find them so easily.