FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Infrastructure

 
 
LinkBack Thread Tools
 
Old 11-19-2009, 10:24 PM
"Mathieu Bridon (bochecha)"
 
Default PKI (Was: Meeting Log - 2009-11-19)

Hi,

> 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle
> 20:26 < ricky> PKI would be nice too :-)
> 20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting
> 20:26 < mmcgrath> #idea updating koji auth and notifications
> 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)
> 20:26 < mmcgrath> :-P
> 20:26 ** ricky runs
[snip]
> 20:28 < smooge> pki?
> 20:28 < smooge> sorry.. will talk off chan
> 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
> 20:28 < mmcgrath> and not fun to manage

Not sure that's what you're looking for, but the guys I work with have
created this neat Python module to handle CAs and certs:
http://bitbucket.org/faide/pki/

It's free software (MIT or PSF).

Would that help ?


----------

Mathieu Bridon (bochecha)

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 11-19-2009, 11:25 PM
Mike McGrath
 
Default PKI (Was: Meeting Log - 2009-11-19)

On Fri, 20 Nov 2009, Mathieu Bridon (bochecha) wrote:

> Hi,
>
> > 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle
> > 20:26 < ricky> PKI would be nice too :-)
> > 20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting
> > 20:26 < mmcgrath> #idea updating koji auth and notifications
> > 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)
> > 20:26 < mmcgrath> :-P
> > 20:26 ** ricky runs
> [snip]
> > 20:28 < smooge> pki?
> > 20:28 < smooge> sorry.. will talk off chan
> > 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual
> > 20:28 < mmcgrath> and not fun to manage
>
> Not sure that's what you're looking for, but the guys I work with have
> created this neat Python module to handle CAs and certs:
> http://bitbucket.org/faide/pki/
>
> It's free software (MIT or PSF).
>

I think anything helps, we've been looking at dogtag for a while but
nothing has materialized yet. It's good to keep our options open.

-Mike______________________________________________ _
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 11-20-2009, 12:26 AM
Greg Swift
 
Default PKI (Was: Meeting Log - 2009-11-19)

On Thu, Nov 19, 2009 at 18:25, Mike McGrath <mmcgrath@redhat.com> wrote:

On Fri, 20 Nov 2009, Mathieu Bridon (bochecha) wrote:



> Hi,

>

> > 20:25 < dgilmore> mmcgrath: id like to try work on updating koji auth/ and notifications during F-13 life cycle

> > 20:26 < ricky> PKI would be nice too :-)

> > 20:26 -!- |pitr| [n=kvirc@91.150.139.57] has joined #fedora-meeting

> > 20:26 < mmcgrath> #idea updating koji auth and notifications

> > 20:26 < mmcgrath> #idea pki (ricky says he'll do this and it'll be done by january)

> > 20:26 < mmcgrath> :-P

> > 20:26 ** ricky runs

> [snip]

> > 20:28 < smooge> pki?

> > 20:28 < smooge> sorry.. will talk off chan

> > 20:28 < mmcgrath> smooge: yeah our pki right now is very... ehh manual

> > 20:28 < mmcgrath> and not fun to manage

>

> Not sure that's what you're looking for, but the guys I work with have

> created this neat Python module to handle CAs and certs:

> http://bitbucket.org/faide/pki/

>

> It's free software (MIT or PSF).

>



I think anything helps, we've been looking at dogtag for a while but

nothing has materialized yet. *It's good to keep our options open.



I played with koji a while back, and one thought that I had at the time was about getting it to work with certmaster.** I would think that based on the description from its product page that it would meet the conceptual requirements:


From https://fedorahosted.org/certmaster/
Certmaster is a set of tools and a library for easily distributing SSL certificates to applications that need them
Certmaster originated in the Func project
Any application can use certmaster for easy exchange of SSL certificates
Certmaster has a a python API and command line tool provided ("certmaster-request") for requesting certificates
A daemon, called "certmaster" is included to hand certificates out
The tool "certmaster-ca" is used to list certs and sign them when requests come in.
autosigning of new certificate requests is also supported but is off by default.
configuration is all done via minimal text files
certmaster has extensive audit logs of certificate operation

When I've looked at certmaster in the past I personally felt it needed a touch more configuration to allow for the actual signing of certificates by multiple applications, but a good frame work is in place, and its works fairly well for func.


One part I know it is definitely lacking is the user certificates.

-greg

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 04:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org