On Tue, 1 Dec 2015 17:35:10 +0000 Wookey wookey@wookware.org wrote:
+++ Neil Williams [2015-12-01 16:52 +0000]:
Please let us know if you are using OpenID authentication with LAVA.
I use OpenID whenever I get the chance as one of the few ID protocols where I get some control, and don't just have to handover auth to one of the dubious web mega-corps, so I am in favour of it being an option.
If you fancy helping with https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806352 .... :-)
Sadly, there isn't a sane way of combining different authentication methods on a single instance as it massively complicates the admin burden of ensuring that the correct users have the correct group permissions. So when production switched from OpenID and Launchpad to LDAP run by Linaro internally, it was a switch - not an addition. It moved the authentication entirely within Linaro instead of going out to Launchpad.
I've not used lava much recently (so am rather vague on the details without checking), but I might have to use it again soon.
As far as any instance maintained by the Linaro Lab team is concerned, all logins are now using LDAP internally within Linaro and OpenId has been disabled already. The two authentication mechanisms are mutually incompatible as there is no assurance of matching one user to the one account when logging in using the other. This made the admin burden of ensuring that the correct users have the correct access to relevant devices infeasibly complex.
I think I was logging in via launchpad, which I think means I was/am indeed using openID for the webUI?
If you're thinking of validation.linaro.org, you probably did log in using Launchpad as the admin records show that you haven't logged in for some time - quite likely before production did the switch to LDAP. However, your next login will need to use LDAP.
I also recall something about feeding a key into gnome-keyring for command-line access - is that all old hat now?
No, that is the lava-tool interface (which can be replaced by simple xmlrpc scripts if you want to avoid python-keyring).