Tuesday, 2024/03/26
10:00 am ET
Terrell Russell, Kory Draughn, Alan King, Martin Flores, Claudio Cacciari (SURF)
DISCUSSION
- OIDC/OAuth2 in HTTP API
- Released v0.3.0, March 15, 2024
- Protected Resource mode
- Confidential Client mode
- Alternate User Mapping
- https://github.com/irods/irods_client_http_api/releases/tag/0.3.0
- Interested in community feedback about which mode is used
- Could consider removing one of them
- Claudio - SURF has clients/wrappers using PRC to talk to iRODS directly
- Could see HTTP API as a replacement where it makes sense
- Released v0.3.0, March 15, 2024
- pam_interactive
- Investigating adding tests for a possible release
- pam_python requires python2 - has not been updated since 2020
- Will require a different approach for automated testing.
- Tried configuring PAM as described in the docs, like one would for pam_password
- getting to “not_authenticated” state, and exiting)
- https://docs.irods.org/4.3.1/plugins/pluggable_authentication/#user-setup
- Confirmed that this configuration authenticates using the pam_handshake_auth_check, separately from the plugin
- Investigating difference of plugin vs pam_handshake_auth_check
- Enabling/disabling SSL in the plugin is not working
- This can be avoided by just using SSL all the time / manually but the plugin needs to enforce this before we release
- Or we just yell loudly to the admin that the system is not SSL-enabled
- Default is SSL - active option to disable SSL
- irods/irods_auth_plugin_pam_interactive#16
- Next Meeting
- April 2024