Single Sign-On at Fedora Infrastructure

So, I have actually launched this a while ago (my git logs tells me November 2016), but I decided to enable it silently and see whether many people would complain. Well, it's been enough time now without any major complaints that I think I can call this really live now.

As lots of people have noticed, Fedora Infrastructure has recently switched to using Kerberos for authentication to Koji (our buildsystem) and Lookaside Cache (Source tarball cache for Fedora packages).

Well, as of November, our Ipsilon deployment has been configured to accept these Kerberos tickets as well.

This means that if you have a Kerberos ticket, and your browser is configured correctly (instructions available for Firefox and Chromium here, Firefox at Fedora is configured correctly by default), you will entirely bypass the Ipsilon login screen, and be silently logged in to any web service you were trying to use.

So, I'm hoping that this makes life easier for Fedora Contributors, and you can look forward to many more awesome things upcoming over this new year regarding the identity management from the Infrastructure team!

Fedora package delivery security

RHEL containers on non-RHEL hosts