Hi,
20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle
20:26 < ricky> PKI would be nice too :-)
20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting
20:26 < mmcgrath> #idea updating koji auth and notifications
20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)
20:26 < mmcgrath> :-P
20:26 * ricky runs
[snip]
20:28 < smooge> pki?
20:28 < smooge> sorry.. will talk off chan
20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
20:28 < mmcgrath> and not fun to manage :)
Not sure that's what you're looking for, but the guys I work with have created this neat Python module to handle CAs and certs: http://bitbucket.org/faide/pki/
It's free software (MIT or PSF).
Would that help?
----------
Mathieu Bridon (bochecha)
On Fri, 20 Nov 2009, Mathieu Bridon (bochecha) wrote:
> Hi,
> 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle
> 20:26 < ricky> PKI would be nice too :-)
> 20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting
> 20:26 < mmcgrath> #idea updating koji auth and notifications
> 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)
> 20:26 < mmcgrath> :-P
> 20:26 * ricky runs
> [snip]
> 20:28 < smooge> pki?
> 20:28 < smooge> sorry.. will talk off chan
> 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
> 20:28 < mmcgrath> and not fun to manage :)
> Not sure that's what you're looking for, but the guys I work with have created this neat Python module to handle CAs and certs: http://bitbucket.org/faide/pki/
> It's free software (MIT or PSF).
I think anything helps, we've been looking at dogtag for a while but nothing has materialized yet. It's good to keep our options open.
-Mike
On Thu, Nov 19, 2009 at 18:25, Mike McGrath <mmcgrath@redhat.com> wrote:
> On Fri, 20 Nov 2009, Mathieu Bridon (bochecha) wrote:
> > Hi,
> > 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle
> > 20:26 < ricky> PKI would be nice too :-)
> > 20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting
> > 20:26 < mmcgrath> #idea updating koji auth and notifications
> > 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)
> > 20:26 < mmcgrath> :-P
> > 20:26 * ricky runs
> > [snip]
> > 20:28 < smooge> pki?
> > 20:28 < smooge> sorry.. will talk off chan
> > 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
> > 20:28 < mmcgrath> and not fun to manage :)
> > Not sure that's what you're looking for, but the guys I work with have created this neat Python module to handle CAs and certs: http://bitbucket.org/faide/pki/
> > It's free software (MIT or PSF).
> I think anything helps, we've been looking at dogtag for a while but nothing has materialized yet. It's good to keep our options open.
I played with koji a while back, and one thought that I had at the time was about getting it to work with certmaster. I would think that based on the description from its product page that it would meet the conceptual requirements:
- Certmaster is a set of tools and a library for easily distributing SSL certificates to applications that need them
- Certmaster originated in the Func https://fedorahosted.org/funcproject
- Any application can use certmaster for easy exchange of SSL certificates
- Certmaster has a Python API and command line tool provided ("certmaster-request") for requesting certificates
- A daemon, called "certmaster", is included to hand certificates out
- The tool "certmaster-ca" is used to list certs and sign them when requests come in.
- autosigning of new certificate requests is also supported but is off by default.
- configuration is all done via minimal text files
- certmaster has extensive audit logs of certificate operation
When I've looked at certmaster in the past I personally felt it needed a touch more configuration to allow for the actual signing of certificates by multiple applications, but a good framework is in place, and it works fairly well for func.
One part I know it is definitely lacking is the user certificates.
-greg
infrastructure@lists.fedoraproject.org