GitHub plugin not giving anonymous read-only access
15 views
Skip to first unread message
Justin Clift
Apr 22, 2015, 1:35:44 AM4/22/15
to Repo Discuss
Hi all,
Over the last few days we switched our Gerrit instance from using
OpenID, to using the GitHub plugin.
One unexpected difference between the two, is that unauthenticated
users no longer seem to have access. eg there's no "read only"
mode for people who aren't logged in
Is a lack of read-access for anonymous users a known issue with
the GitHub plugin, or is it likely just a config problem on our
end?
Regards and best wishes,
Justin Clift
--
GlusterFS - http://www.gluster.org
An open source, distributed file system scaling to several
petabytes, and handling thousands of clients.
My personal twitter: twitter.com/realjustinclift
Over the last few days we switched our Gerrit instance from using
OpenID, to using the GitHub plugin.
One unexpected difference between the two, is that unauthenticated
users no longer seem to have access. eg there's no "read only"
mode for people who aren't logged in
Is a lack of read-access for anonymous users a known issue with
the GitHub plugin, or is it likely just a config problem on our
end?
Regards and best wishes,
Justin Clift
--
GlusterFS - http://www.gluster.org
An open source, distributed file system scaling to several
petabytes, and handling thousands of clients.
My personal twitter: twitter.com/realjustinclift
Luca Milanesio
Apr 22, 2015, 1:55:46 AM4/22/15
to Justin Clift, Repo Discuss
Have you tried to set auth.loginUrl=/login?
(See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#auth)
HTH
Luca
Sent from my iPhone
> --
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
(See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#auth)
HTH
Luca
Sent from my iPhone
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Luca Milanesio
Apr 22, 2015, 3:18:20 AM4/22/15
to Justin Clift, Repo Discuss
Possibly worth making a change on the InitStep to guide through this setting: something like “do you want to allow anonymous browsing? [Y/n]”
Luca.
> On 22 Apr 2015, at 08:15, Justin Clift <jus...@gluster.org> wrote:
>
> Thanks Luca! Yep, that worked. Awesome. :)
>
> + Justin
Luca.
> On 22 Apr 2015, at 08:15, Justin Clift <jus...@gluster.org> wrote:
>
> Thanks Luca! Yep, that worked. Awesome. :)
>
> + Justin
Luca Milanesio
Apr 22, 2015, 3:26:16 AM4/22/15
to Justin Clift, Repo Discuss
It is more a suggestion: it is quite common when setting up security to allow (or deny) anonymous browsing.
The historical HTTP auth setting for this is quite implicit: the “fact of having a login URL” implies that you need to login explicitly, otherwise you are always requested to be authenticated with an HTTP header.
There is a rationale behind the “auth.loginUrl” but it is not straightforward the direct consequence.
Luca.
> On 22 Apr 2015, at 08:20, Justin Clift <jus...@gluster.org> wrote:
>
> Is that a general observation thing, or a suggestion for a setting we should
> be tweaking?
>
> It sort of sounds like a general observation about "Running 'init' should
> ask about this, as most people won't know about it."
>
> If so, **YES**. :)
The historical HTTP auth setting for this is quite implicit: the “fact of having a login URL” implies that you need to login explicitly, otherwise you are always requested to be authenticated with an HTTP header.
There is a rationale behind the “auth.loginUrl” but it is not straightforward the direct consequence.
Luca.
> On 22 Apr 2015, at 08:20, Justin Clift <jus...@gluster.org> wrote:
>
> Is that a general observation thing, or a suggestion for a setting we should
> be tweaking?
>
> It sort of sounds like a general observation about "Running 'init' should
> ask about this, as most people won't know about it."
>
> If so, **YES**. :)
Justin Clift
Apr 22, 2015, 3:28:59 AM4/22/15
to Luca Milanesio, Repo Discuss
Thanks Luca! Yep, that worked. Awesome. :)
+ Justin
On 22 Apr 2015, at 06:55, Luca Milanesio <luca.mi...@gmail.com> wrote:
+ Justin
On 22 Apr 2015, at 06:55, Luca Milanesio <luca.mi...@gmail.com> wrote:
Justin Clift
Apr 22, 2015, 3:29:00 AM4/22/15
to Luca Milanesio, Repo Discuss
Is that a general observation thing, or a suggestion for a setting we should
be tweaking?
It sort of sounds like a general observation about "Running 'init' should
ask about this, as most people won't know about it."
If so, **YES**. :)
be tweaking?
It sort of sounds like a general observation about "Running 'init' should
ask about this, as most people won't know about it."
+ Justin
Reply all
Reply to author
Forward
0 new messages