בתאריך 17 ביוני 2016 10:09, "Marc Dequènes (Duck)" <duck(a)redhat.com>
I don't think allowing only external auth like Google OAuth2 would be
nice at all.
I respectfully disagree.
As long as we allow more then one provider, and also allow for some free
ones like Fedora its not bad at all IMO. And it has the nice benofit of not
having to secure any user credential database on our infra.
We've been using that approach on oVirt Gerrit forever, and are looking at
ways to expand it to other parts of the infra.
Long term we would probaly like all authentication done against prividers
via some sort of an sso layer, while authorization will be based on group
assignments in Gerrit.
We have a ticket about this somewhere...
(Appologies for last blank message)