Difference between revisions of "Committer resources"
From K5Wiki
m (New Committers moved to Committer resources: Information here will be relevant to existing committers as it changes.) |
|||
Line 1: | Line 1: | ||
− | This is information for developers who are |
+ | This is information for developers who are [[Committers|committers]] to our repository. |
== Enrollment == |
== Enrollment == |
||
Line 12: | Line 12: | ||
== Where stuff is at == |
== Where stuff is at == |
||
− | * Git URL git.mit.edu:/git/krb5.git -- you may need to put "username@" in front |
+ | * Git URL git.mit.edu:/git/krb5.git -- you may need to put "username@" in front if your local username is not the same as your Athena account name. |
* SSH to athena.dialup.mit.edu if you want easy access to AFS, a UNIX shell, etc. |
* SSH to athena.dialup.mit.edu if you want easy access to AFS, a UNIX shell, etc. |
||
** You'll need to set GSSAPIDelegateCredentials=yes in order to do passwordless login, because user home directories are in AFS, and the administrators didn't want to confuse users who logged in with Kerberos but couldn't access their files. |
** You'll need to set GSSAPIDelegateCredentials=yes in order to do passwordless login, because user home directories are in AFS, and the administrators didn't want to confuse users who logged in with Kerberos but couldn't access their files. |
||
* RT https://krbdev.mit.edu/rt/ (or https://krbdev.mit.edu:444/rt/ if your browser doesn't deal with "optional" SSL client certificate verification) |
* RT https://krbdev.mit.edu/rt/ (or https://krbdev.mit.edu:444/rt/ if your browser doesn't deal with "optional" SSL client certificate verification) |
||
− | [[Category:Lore]] |
||
+ | == Accessing git.mit.edu == |
||
+ | |||
+ | The preferred way to access git.mit.edu is with GSSAPI krb5 authentication. It is not necessary to delegate credentials. |
||
+ | |||
+ | It is also possible to use publickey authentication. Because Athena account home directories are stored in AFS, there are some extra setup steps required to make sure that the sshd on git.mit.edu can read your public key: |
||
+ | |||
+ | * Your home directory and .ssh directory must allow list (but not read) access to unauthenticated users. This is generally the case by default. |
||
+ | * Your .ssh/authorized_keys file must be a link to a directory which allows read access to unauthenticated users. To set this up, you can ssh to athena.dialup.mit.edu and run: |
||
+ | |||
+ | # mkdir $HOME/.ssh if it doesn't already exist. |
||
+ | cd $HOME/.ssh |
||
+ | mkdir pub |
||
+ | fs sa pub system:anyuser rl |
||
+ | # Move aside authorized_keys if it already exists. |
||
+ | ln -s pub/authorized_keys authorized_keys |
||
+ | |||
+ | The contents of your key pair's .pub file should be placed into $HOME/.ssh/pub/authorized_keys. |
||
+ | |||
+ | Finally, you can authenticate to git.mit.edu using password authentication with your Athena password. |
Revision as of 15:03, 4 October 2012
This is information for developers who are committers to our repository.
Enrollment
- Athena account: MITKC staff will sponsor as appropriate. See http://web.mit.edu/accounts/www/getaccount.html for some overview information about Athena accounts.
- X.509 client certificate: Needed for RT access, among others. Information on how to obtain one is at http://web.mit.edu/ist/topics/certificates/index.html
- RT account
- Git access
- Daptiv access (for some contributors working on time-sensitive projects)
- Posting authorization to cvs-krb5 if you are going to commit stuff.
Where stuff is at
- Git URL git.mit.edu:/git/krb5.git -- you may need to put "username@" in front if your local username is not the same as your Athena account name.
- SSH to athena.dialup.mit.edu if you want easy access to AFS, a UNIX shell, etc.
- You'll need to set GSSAPIDelegateCredentials=yes in order to do passwordless login, because user home directories are in AFS, and the administrators didn't want to confuse users who logged in with Kerberos but couldn't access their files.
- RT https://krbdev.mit.edu/rt/ (or https://krbdev.mit.edu:444/rt/ if your browser doesn't deal with "optional" SSL client certificate verification)
Accessing git.mit.edu
The preferred way to access git.mit.edu is with GSSAPI krb5 authentication. It is not necessary to delegate credentials.
It is also possible to use publickey authentication. Because Athena account home directories are stored in AFS, there are some extra setup steps required to make sure that the sshd on git.mit.edu can read your public key:
- Your home directory and .ssh directory must allow list (but not read) access to unauthenticated users. This is generally the case by default.
- Your .ssh/authorized_keys file must be a link to a directory which allows read access to unauthenticated users. To set this up, you can ssh to athena.dialup.mit.edu and run:
# mkdir $HOME/.ssh if it doesn't already exist. cd $HOME/.ssh mkdir pub fs sa pub system:anyuser rl # Move aside authorized_keys if it already exists. ln -s pub/authorized_keys authorized_keys
The contents of your key pair's .pub file should be placed into $HOME/.ssh/pub/authorized_keys.
Finally, you can authenticate to git.mit.edu using password authentication with your Athena password.