Skip to content

Latest commit

 

History

History
56 lines (47 loc) · 3.09 KB

20220524-minutes.md

File metadata and controls

56 lines (47 loc) · 3.09 KB

Authentication Working Group Minutes

Tuesday, 2022/05/24

10:00 am ET

Attendees:

Terrell Russell, Alan King, Kory Draughn, Dave Fellinger, Stefan Wolfsheimer (SURF), Claudio Cacciari (SURF), Tony Edgin (CyVerse), Harry Kodden (SURF), Alexandros Kardaris (SURF), Mike Conway (NIEHS)

Minutes

SUMMARY:

DISCUSSION

  • Alan Update
    • 4.3.0 is imminent (just have to package and publish)
    • Renamed the plugin to pam_password
    • So now...
      • pam - shipping with server - still the 4.2 plugin
      • pam_password - shipping with server - ported to new 4.3 framework
      • pam_interactive - from stefan's work, not shipped with server
      • osauth - will not being ported
      • krb - ported, mostly, passed tests - not shipping with server
  • Stefan Update and Demo of pam_interactive
    • Goal was flexible flow, not just single password challenge
    • iinit working
    • Demonstrated simple.py, 2fa.py, and 2fa_expire.py
    • But hit uncaught exception for ils, but probably due to not using native for the 'already authenticated' client
  • Alan links
  • Stefan Links:
  • Should we remove the irods-server's knowledge/opinion of pam password lifetime?
    • Surf use case, want to refresh a token from OIDC server
      • Should be possible with pam_interactive storing/refreshing tokens in the background
  • Plugin framework should perhaps define a 'hangup' or 'end' that iexit calls, so plugins could store information on the server side, and then remove it upon request. Every plugin would need to implement this 'end' function.
    • If information should be stored per user, then it could be sqlite file? But that is still per server.
    • Or perhaps the client-side function would call 'end'... does that break inter-version compatibility in the future? What if 'end' isn't required… just runs if defined?
  • Prepare talk for UGM 2022
  • Next Meeting
    • June 2022