Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117834
Return-Path: <landers.robert@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 42670 invoked from network); 30 May 2022 10:07:59 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 30 May 2022 10:07:59 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 2BE6F180211
	for <internals@lists.php.net>; Mon, 30 May 2022 04:51:43 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <landers.robert@gmail.com>
Received: from mail-oa1-f44.google.com (mail-oa1-f44.google.com [209.85.160.44])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 30 May 2022 04:51:42 -0700 (PDT)
Received: by mail-oa1-f44.google.com with SMTP id 586e51a60fabf-e5e433d66dso14007058fac.5
        for <internals@lists.php.net>; Mon, 30 May 2022 04:51:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=CG09VIelT6LbgEQ0v+PA3/7c151OY5E/X5SJo4YNiik=;
        b=nLEw5TOc/OeZ2NcOTAOy62oK662dhwRmfQGwSSzS6QhZZQl4M7SFhwbm6jyMczJu1I
         xLCSmWeHipNOtWkx5oCgeGpfuyPkIwF8OwgF/NKqM0rro6cYMUYNnc0jIhpcJKRwGCyj
         XANBkcqZZqOwpVeX4sb4cY0MrsEyjkhVzqwhSwCv9ZbOXSXVoJ7flvp6tIvdhHaePeq+
         zrASQgUh0se2zcRhwJjXy8J/Kmi4UjoEWXxlB7VQtMBZaMgLGrSyXso6rbjeNLpgVY/5
         W6QnkFGEmcC8/cgbx9BjcbaRT86gc3EHYeFz3rA4KR6q7a7s+dGNHJ0NpzB13NCjP/M7
         2BqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=CG09VIelT6LbgEQ0v+PA3/7c151OY5E/X5SJo4YNiik=;
        b=xIKhrUDOdyNQ9jaarVmNg1XpqYB4jSom6BjGZbS4VJiDj+4j+HB+Fk34nhW2UgrwEo
         XrDjDjQvanoS4v1UV48ZBPjY5hTHPdlphyTqqumfJIoFFtD6vtvmqXIuRmL0+HJtF+24
         +sNk5OXKsbQUdA3qXezZMzbS7SST0HJb5/CmScSd+lwcQZHLAH0/cAaNN47Asns5F+2G
         Yrlreuq653atNPfDb0f3TKUChjfyiZjtTCbrvPMW2AERycmyIlLbq8vIVeTU19fLW14x
         QHAWL05YZvrUE0rF02WAaY4TZhD9MHRVIlRBNAijR3PImdokFu6aKQKsVUw4K1P717Cy
         MdOg==
X-Gm-Message-State: AOAM531z2m5v6+q+ITJa2PwLYxS1Tvdcu6wfIrdHxlXjwmYBdZO4kARI
	WcmGz+hd5UIFkPH32jmtSXS7m74HPTVZHCETEZs=
X-Google-Smtp-Source: ABdhPJzPoZXs+ttJcFvaTkxC7JSuQemBgs4sG0pEs7qM/sC2P21rQRf+4j/b93FAo9CHRbj0cGRnbjBjaxCheWH3NZk=
X-Received: by 2002:a05:6870:5708:b0:e2:8a41:2261 with SMTP id
 k8-20020a056870570800b000e28a412261mr10190244oap.247.1653911502029; Mon, 30
 May 2022 04:51:42 -0700 (PDT)
MIME-Version: 1.0
References: <DU0PR02MB80956C2E31F00EFA472D706C8CDB9@DU0PR02MB8095.eurprd02.prod.outlook.com>
 <cc8b5e24-8d1e-82d2-9abd-9527364007e3@heigl.org> <6293d2f2.1c69fb81.78e38.c94cSMTPIN_ADDED_MISSING@mx.google.com>
In-Reply-To: <6293d2f2.1c69fb81.78e38.c94cSMTPIN_ADDED_MISSING@mx.google.com>
Date: Mon, 30 May 2022 13:51:31 +0200
Message-ID: <CAPzBOBMzg28J+t+OYFwWky2677cB1B7rrNgEB-yCFJR6h8JQUQ@mail.gmail.com>
To: Ben Ramsey <ramsey@php.net>
Cc: internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] [RFC][Under discussion] Create a global login system
 for php.net
From: landers.robert@gmail.com (Robert Landers)

On Sun, May 29, 2022 at 10:09 PM Ben Ramsey <ramsey@php.net> wrote:
>
> On 5/29/22 09:57, Andreas Heigl wrote:
> > But the bad news is, that there is also the colobus system which powers
> > the NNTP-server backend that a number of people use to interact with the
> > mailing-list. Which also has an authentication and would therefore need
> > to be switched. So we are back at 9 services. And we switched one that
> > is completely under our control to one that isn't as we are merely using
> > a (rather old by now) service.
>
> I've looked into colobus a fair amount, and it does not use
> authentication itself. It accepts requests to post to newgroups, but
> then it appears to primarily act as a proxy for ezmlm, which has it's
> own form of authentication, and we're not going to be able to tie the
> ezmlm authentication to GitHub.
>
> --
> Cheers,
> Ben

There's also the OAuth Proxy project:
https://oauth2-proxy.github.io/oauth2-proxy/docs/features/endpoints
which allows you to use some baked-in features of nginx in order to
provide unauthenticated/legacy services with protection and
appropriate authentication headers:
https://nginx.org/en/docs/http/ngx_http_auth_request_module.html.