Project

General

Profile

Actions

communication #166580

open

Planning: Community Auth Replacement

Added by firstyear 2 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2024-09-10
Due date:
% Done:

0%

Estimated time:

Description

Currently due to SUSE compliance requirements, community authentication is currently hosted by SUSE on the Univention Corporate Server (UCS). This has experienced a number of difficulties, especially around scaling and reliability.

SUSE at this time wants to rearchitect authentication and this gives us the ability for community to host authentication instead.

As the infra.opensuse.org group has recently moved from FreeIPA to Kanidm, Kanidm has been put forth as a candidate. Upstream is working on the needed missing parts that OpenSUSE community auth would require for this.

We have not considered other options - if people want to suggest alternatives, we'd like to know so we can compare them.

Otherwise, we would like to proceed with Kanidm as the service for community auth since it has been a really good experience so far for infra.opensuse.org.


Related issues 1 (1 open0 closed)

Related to openSUSE admin - tickets #159798: UCS and Suse decommissionNew2024-04-30

Actions
Actions #2

Updated by crameleon 2 months ago

Actions #3

Updated by crameleon 2 months ago

  • Private changed from Yes to No
Actions #4

Updated by crameleon 2 months ago

I'd be happy to work with Kanidm, but would it be useful to note features missing for our use case and to reference them to upstream issues? I know some of them by browsing the upstream tracker, but others might not find them so easily.

Actions #5

Updated by firstyear about 1 month ago

I think the best place would be to track the milestone

https://github.com/kanidm/kanidm/milestone/10

Actions

Also available in: Atom PDF