Tuesday, 2022/08/23
10:00 am ET
Terrell Russell, Dave Fellinger, Kory Draughn, Alan King, Harry Kodden (SURF), Claudio Cacciari (SURF), Martin Golasowski (IT4I)
DISCUSSION
- Harry update, SURF
- SRAM handles team member enrollment / group management
- and authentication
- Stores public keys for each user
- and .irods/irods_environment.json
- Including pam_interactive as auth scheme
- Containerized setup
- https://github.com/HarryKodden/SRAM-iRODS-Showcase
- sync.py to sync new accounts from SRAM to containers (linux) and in the iRODS catalog, runs via crontab every minute
- Policy document describing how sync.py behaves
- For creation AND for deletion of iRODS accounts
- Ownership of any leftover data (reverts to admins, etc.)
- For creation AND for deletion of iRODS accounts
- SRAM handles team member enrollment / group management
- iRODS may eventually choose one of these user/group management solutions
- https://github.com/HarryKodden/irods-ldap-sync
- Handles all groups from SRAM to iRODS
- But not iRODS to SRAM, so should be turned off / controlled
- Python PAM bridge...
- Prototype in python... Is it safe enough to use in production?
- Then ported to C for production use
- Next steps
- Once access token expires... Refresh token work, perhaps seamlessly
- Next Meeting
- Sept 2022