[Buildbot-devel] [RFC] rework the authentication system
Todd Cooper
todd_cooper at yahoo.com
Sun Sep 4 10:11:55 UTC 2011
I would love an LDAP interface as that seems to be the way things are going for standardization.
We are using LDAP now and it would simplify things for people who are using it.
>________________________________
>From: Dustin J. Mitchell <dustin at v.igoro.us>
>To: Pierre Tardy <tardyp at gmail.com>
>Cc: buildbot-devel list <buildbot-devel at lists.sourceforge.net>
>Sent: Saturday, September 3, 2011 2:12 PM
>Subject: Re: [Buildbot-devel] [RFC] rework the authentication system
>
>On Tue, Aug 30, 2011 at 8:29 AM, Pierre Tardy <tardyp at gmail.com> wrote:
>> Hello,
>> AFAIK, the buildbot authentication system is very basic. Each web form
>> that needs to be restricted needs will get ugly user/password entries.
>>
>> I would like to rework that and have a more classic authentication.
>
>I like this idea - and Dmitry had a good start in pull 45. A few
>concerns, below.
>
>> My personal requirements would be:
>>
>> - Compatible with existing BasicAuth, and HTAccessAuth config file.
>> (no need to rewrite existing configs)
>> - LDAP support
>> - Custom Plugin authentication support (I'm thinking of using gerrit's
>> database to manage my users)
>> - Cookie based one-time authentication
>
>These all sound good, and should be pluggable IAuth implementations.
>Note that Buildbot just grew its own user database, too. It will be
>good if any plugins like gerrit or LDAP can also correlate with
>buildbot userids, so that actions via the web interface can be
>correlated with actions via IRC, version control, try, etc.
>
>> - Group based permission. authz will be configured to allow access to
>> one group, and not to that many users. What groups belongs what user
>> belongs to auth plugin, and not authz config.
>>
>> I would probably implement this that way:
>> - A login form will be available at the right of the buildbot web header.
>> - Submitting this form will call the auth plugin, and setup the cookie
>> - dictionnary of logged user will be kept by authz with LoggedUser
>> class that contains:
>> * login
>> * email
>> * full username
>> * groups
>
>Authz shouldn't be tracking who is logged in -- that should be done in IAuth.
>
>So, have at it!
>
>Dustin
>
>------------------------------------------------------------------------------
>Special Offer -- Download ArcSight Logger for FREE!
>Finally, a world-class log management solution at an even better
>price-free! And you'll get a free "Love Thy Logs" t-shirt when you
>download Logger. Secure your free ArcSight Logger TODAY!
>http://p.sf.net/sfu/arcsisghtdev2dev
>_______________________________________________
>Buildbot-devel mailing list
>Buildbot-devel at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/buildbot-devel
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20110904/18725e71/attachment.html>
More information about the devel
mailing list