From: "Shawn O. Pearce" <spearce@spearce.org>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org
Subject: Re: [RFC] Secure central repositories by UNIX socket authentication
Date: Mon, 28 Jan 2008 02:56:42 -0500 [thread overview]
Message-ID: <20080128075642.GD24004@spearce.org> (raw)
In-Reply-To: <7vabmqwgvt.fsf@gitster.siamese.dyndns.org>
Junio C Hamano <gitster@pobox.com> wrote:
> "Shawn O. Pearce" <spearce@spearce.org> writes:
>
> > Hmm. core.sharedrepository is sometimes a bad solution.
> >
> > core.sharedrepository means I need to give write access to both the
> > refs database and the object database to all members of the project.
> > Some of whom may not be able to be trusted with tools like "rm",
> > but who need real shell access to that system anyway. And sometimes
> > management won't allow users to have two accounts on the same system
> > (one that is fixed to git-shell, and one that has a real shell)
> > because the world would implode if a user was given two different
> > accounts for two different access purposes.
...
> Another approach to do the same I can think of, without having
> to add 50 new accounts for 50 users, would be to collect a ssh
> key from each of these 50 users,
Also, our network of servers and desktops is actually now managed
entirely through Active Directory. So all possible users already
have accounts on every server. Passwords are synchronized across
the entire network.
In other words, all of the management overheads associated with
user accounts has already been paid. Centralized SSH/SSL/PGP key
management is only adding an additional burden. For my day-job
anyway.
--
Shawn.
prev parent reply other threads:[~2008-01-28 7:57 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-27 10:39 [RFC] Secure central repositories by UNIX socket authentication Shawn O. Pearce
2008-01-27 14:04 ` Johannes Schindelin
2008-01-27 17:32 ` Shawn O. Pearce
2008-01-27 18:51 ` Johannes Schindelin
2008-01-28 0:54 ` Shawn O. Pearce
2008-01-28 8:14 ` Dmitry Potapov
2008-01-27 22:56 ` Junio C Hamano
2008-01-28 0:16 ` git-daemon is insecure? (was: [RFC] Secure central repositories) Shawn O. Pearce
2008-01-28 3:00 ` git-daemon is insecure? Junio C Hamano
2008-01-28 3:20 ` Shawn O. Pearce
2008-01-28 0:47 ` [RFC] Secure central repositories by UNIX socket authentication Shawn O. Pearce
2008-01-28 7:25 ` Junio C Hamano
2008-01-28 7:51 ` Shawn O. Pearce
2008-01-28 14:23 ` Asheesh Laroia
2008-01-29 3:11 ` Shawn O. Pearce
2008-01-28 7:56 ` Shawn O. Pearce [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080128075642.GD24004@spearce.org \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).