From owner-freebsd-hackers@FreeBSD.ORG Wed Apr 1 17:29:07 2015 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CFB09A0A; Wed, 1 Apr 2015 17:29:07 +0000 (UTC) Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D802DAF; Wed, 1 Apr 2015 17:29:07 +0000 (UTC) Received: by lahf3 with SMTP id f3so41586381lah.2; Wed, 01 Apr 2015 10:29:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=4Rl+8yuxKvNtdD6G45a/kp5iYeKktLh6tKua40pyXfY=; b=rDDQ+KZ5mvaFSJQ8AAlP6UHoRFXPZFwrmcq6Jvvt/5rUcd1E/tgh1P06dYitOSWflf JKYfwViKjIsGfri6LD8yhPisVbEQkEnRyJeOartzd1B5Av8Ek1Rh+ByG6LIpCB+WUpc+ kZA5fF77kG97GOYfmXjRF1DW41o7dWKJXjsjkQHNTSXS8vLS2Ntx6cOQCtMsfSJ9BgAw LyUVv6yypVCpI6c/0M5lvTMDpMPQrK5vOtOtQK7Uw9njwyqZKjgjcaMJW/vmmlFKvD1S jbgJ2lOlc0mskYsunCZOhWpcmgzY7zbKTsqsAjgdgFzMCrOGLVBakixMPDwln6+LnTm9 ZxBQ== MIME-Version: 1.0 X-Received: by 10.112.8.76 with SMTP id p12mr33189488lba.29.1427909345423; Wed, 01 Apr 2015 10:29:05 -0700 (PDT) Sender: crodr001@gmail.com Received: by 10.112.108.168 with HTTP; Wed, 1 Apr 2015 10:29:05 -0700 (PDT) In-Reply-To: References: Date: Wed, 1 Apr 2015 10:29:05 -0700 X-Google-Sender-Auth: E3k1euLDb8bhsd4DB6j-pDs5vII Message-ID: Subject: Re: Bazaaring the cathedral (Lowering the Barrier to Entry) From: Craig Rodrigues To: Eitan Adler Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: FreeBSD Hackers , freebsd-current Current X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2015 17:29:07 -0000 On Wed, Apr 1, 2015 at 9:55 AM, Eitan Adler wrote: > > To solve this problem I propose a simple solution: self-serve commit > access. We create a web service on accounts.freebsd.org via which > users can create themselves a freefall account. In addition to a > freefall account, the identical username would be created for the wiki > and phabricator, bugzilla, and any other service we might provide. > I support the creation of accounts.freebsd.org. I suggest that we use PWM ( http://code.google.com/p/pwm/ ) as a web-based front-end to a back-end LDAP database. The FreeBSD cluster already has LDAP ( https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/article.html#kerberos-ldap ) The FreeBSD cluster LDAP + Kerberos back-end infrastructure is something developed by clusteradm (most likely Peter Wemm). It works quite well. I succeeded in using the FreeBSD cluster LDAP system for Jenkins authentication, and it just worked like a champ. The FreeBSD cluster LDAP system just needs a better front-end that is more user friendly, and easier to manage. If you log into hub.freebsd.org and look at /etc/aliases, you will see that there are 12 people who receive clusteradm e-mails. My experience working with Jenkins is that only about 2-3 people actively do clusteradm work, and they are *way* overloaded. If we could have accounts.freebsd.org which streamlines a lot of the account creation and management, and works across many modern web applications, that would be super cool, and would hopefully reduce the load on clusteradm! -- Craig