Subject: Re: [gentoo-dev] RFC: Moving more developer data to LDAP, for scalability/redundancy (away, foward, permissive, SMTP password, plan) [WAS: Suggestion to ask devs to change their bugzilla name]
From: Peter Volkov
To: gentoo-dev@lists.gentoo.org
Date: Fri, 11 Jun 2010 12:38:21 +0400

On Fri, 11/06/2010 at 09:48 +0200, Maciej Mrozowski wrote:
> On Friday 11 of June 2010 09:24:45 Peter Volkov wrote:
> > On Thu, 10/06/2010 at 23:42 -0700, Alec Warner wrote:
> > > > I don't agree with that, but just out of curiosity, is it possible to
> > > > use a web interface? phpldapadmin or something
> > >
> > > The problem with phpldapadmin is that it potentially opens up LDAP to
> > > the world.
> >
> > Require everybody to forward connection through ssh to get ldap web
> > interface? It's not hard to setup such tunnel manually or e.g. use
> > xinetd for automatic tunnel creation on request... Another option is to
> > use https with ssl client side certificates. I think it's not hard for
> > developers to generate certificates on dev.gentoo.org and import them
> > into browsers.
>
> I suppose simply making LDAP globally available (SSL only) is asking for
> trouble. In such case anyway one could choose his/her favourite LDAP client.

I'm talking about _web_ interface with required _ssl client
authentication_. I guess it is as secure as ssh.

--
Peter.