On Thu, Nov 19, 2009 at 18:25, Mike McGrath <mmcgrath(a)redhat.com> wrote:
On Fri, 20 Nov 2009, Mathieu Bridon (bochecha) wrote:
> Hi,
>
> > 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/
and notifications during F-13 life cycle
> > 20:26 < ricky> PKI would be nice too :-)
> > 20:26 -!- |pitr| [n=kvirc(a)91.150.139.57] has joined #fedora-meeting
> > 20:26 < mmcgrath> #idea updating koji auth and notifications
> > 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll
be done
by january)
> > 20:26 < mmcgrath> :-P
> > 20:26 * ricky runs
> [snip]
> > 20:28 < smooge> pki?
> > 20:28 < smooge> sorry.. will talk off chan
> > 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
> > 20:28 < mmcgrath> and not fun to manage :)
>
> Not sure that's what you're looking for, but the guys I work with have
> created this neat Python module to handle CAs and certs:
>
http://bitbucket.org/faide/pki/
>
> It's free software (MIT or PSF).
>
I think anything helps, we've been looking at dogtag for a while but
nothing has materialized yet. It's good to keep our options open.
I played with koji a while back, and one thought that I had at the time was
about getting it to work with certmaster. I would think that based on the
description from its product page that it would meet the conceptual
requirements:
- Certmaster is a set of tools and a library for easily distributing SSL
certificates to applications that need them
- Certmaster originated in the Func <
https://fedorahosted.org/func>project
- Any application can use certmaster for easy exchange of SSL
certificates
- Certmaster has a a python API and command line tool provided
("certmaster-request") for requesting certificates
- A daemon, called "certmaster" is included to hand certificates out
- The tool "certmaster-ca" is used to list certs and sign them when
requests come in.
- autosigning of new certificate requests is also supported but is off by
default.
- configuration is all done via minimal text files
- certmaster has extensive audit logs of certificate operation
When I've looked at certmaster in the past I personally felt it needed a
touch more configuration to allow for the actual signing of certificates by
multiple applications, but a good frame work is in place, and its works
fairly well for func.
One part I know it is definitely lacking is the user certificates.
-greg