From 92ac1b4cbecb723ac97214f45b88c2b17cf489de Mon Sep 17 00:00:00 2001 From: Adam Samalik Date: Fri, 10 Apr 2015 10:20:23 +0200 Subject: [PATCH] Update README.md --- README.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 61327d2..ca6c079 100644 --- a/README.md +++ b/README.md @@ -47,5 +47,17 @@ The following is an example JSON data comming from the Package Database which wo ``` The final result would consist of two package repositories: -- *copr-frontend* with branches *master* and *fedora-21* -- *copr-backend* with three branches *master*, *fedora-21* and *centos-7* +- *copr-frontend* with a single branch: *fedora-21* +- *copr-backend* with two branches: *fedora-21* and *centos-7* + +### Client Authentication and Authorization + +In order to make changes in the package repositories, client needs to have a permission to do that. Both Git and Lookaside Cache have their own auth process. + +Git uses ssh communication and client authenticates with public key. Each user needs to have an account on the server and be in a *packager* group. Their ssh shell must be set to "`HOME=/var/lib/dist-git /usr/share/gitolite3/gitolite-shell %(username)s`" in order to have authorization working. + +Authorization is done by Gitolte. The configuration file describing all the permisions is automaticaly generated each time a Package Database is queried. Gitolite uses system users and groups. + +Lookaside Cache uses https communication and client authenticates with ssl client certificate. The Dist Git service provider needs to issue the client certificate for every user. + +There is no authentication needed in order to read from the server.
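Review bot: The closing added line of the new "Client Authentication and Authorization" section, "There is no authentication needed in order to read from the server", does not say which service it covers, and it sits oddly next to the Git paragraph, which describes only ssh access with a public key, a server account and membership in the *packager* group. Please state whether anonymous reads apply to Git, to the Lookaside Cache, or to both, and over which protocol, so that readers can tell unauthenticated read access is intended rather than an omission. In the same section, the shell value contains a literal `%(username)s` placeholder with no explanation of what substitutes it; a short sentence on that would keep an administrator from copying the string verbatim. Spelling in the added lines: "Gitolte" should be "Gitolite", "permisions" should be "permissions", "automaticaly" should be "automatically". The hunk also drops *master* from both branch lists, which the subject "Update README.md" does not mention; a line in the commit message explaining why would help.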