On Sun, 2008-06-01 at 19:33 +0200, Olav Vitters wrote: > On Sun, Jun 01, 2008 at 06:21:57PM +0200, Christian Rose wrote: > > On 9/29/07, Olav Vitters <olav bkor dhs org> wrote: > > There seems to be a bunch of "what's my Mango password?" tickets > > stalled in RT3. > > I'd like to know what I should answer the requestors. Is there a simple answer? > > I tried > > Depends if they want to retrieve their password or reset it. Resetting > is very annoying. This as > a) I don't want people being able to login to the main LDAP server (even > if there is a command restriction) > b) Even if those logins would be allowed, I wouldn't trust a suid reset > command > c) Socket cannot change the password anyway as it is not the main LDAP > server (could be done if everything uses openldap 2.4+.. RHEL5 has 2.3) > d) MAINTAINERS file crappiness > > Long term, I want people to use GPG instead of passwords. Then the > password is only there for some services like e.g. Jabber. I don't know > much about LDAP (finally understand it somewhat since the last few > days!) > If people would need a password reset, they'd login to Mango using GPG, > then click the 'new password' button. This would give them a new > password. It is stalled due to lack of resources (would appreciate more > help with building new infrastructure). > > Note: The reason I haven't implemented GPG yet is only due to not > getting to it (it is difficult). I'm not going to ask for consensus. It > will be implemented. I don't mind if people don't want it, it will be > their problem if they want to give a new developer an SVN account, etc. If GPG is the way to go, shouldn't be the GUADEC a good opportunity to have a GPG Key Signing Party[1]? A GPG key without any other sign who trust it doesn't have enough value. [1] http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html -- Germán Póo-Caamaño Concepción - Chile http://www.gnome.org/~gpoo/
Attachment:
signature.asc
Description: This is a digitally signed message part