From: "Shawn O. Pearce" <spearce@spearce.org>
To: "Stephen R. van den Berg" <srb@cuci.nl>
Cc: git <git@vger.kernel.org>
Subject: Re: [RFC] Adding a challenge-response authentication method to git://
Date: Wed, 13 Aug 2008 09:40:38 -0700 [thread overview]
Message-ID: <20080813164038.GE3782@spearce.org> (raw)
In-Reply-To: <20080813162644.GC12200@cuci.nl>
"Stephen R. van den Berg" <srb@cuci.nl> wrote:
> What are the opinions on adding a basic challenge-response type
> authentication mechanism to the native git protocol?
> I.e. the authentication would be a simple one, which uses
> SHA1 (surprise ;-) to actually encrypt username/password/salt
> and authenticate the user.
>
> I'm willing to do the work, if there are no objections.
Last time we talked about this we got off onto some tagent about
using GnuPG public keys to authenticate users, and then how we might
store the public keys in a keyring and log pushes (changes to refs)
so that one could replicate the log on another server and come up
with the same result. Hence not just the current source code but
also the "how we got here" could be verified externally.
Username/password management is always ugly. Some admins will want
you to plug into PAM, others just want a flat file that is unique
to the service, others want LDAP. And then you get into people
wanting Kerberos support because they already have everything else
in their domain supporting it. Tons of complexity for our project.
Isn't there some authentication frontend that some IMAP servers
use to handle the authentication for them? I think last time
I setup bincimap it used checkpassword. We might want to do the
same if we are going down this road...
--
Shawn.
next prev parent reply other threads:[~2008-08-13 16:41 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-13 16:26 [RFC] Adding a challenge-response authentication method to git:// Stephen R. van den Berg
2008-08-13 16:36 ` Petr Baudis
2008-08-14 7:48 ` David Brown
2008-08-14 8:23 ` Petr Baudis
2008-08-14 11:07 ` Stephen R. van den Berg
2008-08-14 11:39 ` Petr Baudis
2008-08-14 12:14 ` Stephen R. van den Berg
2008-08-13 16:40 ` Shawn O. Pearce [this message]
2008-08-13 17:37 ` Stephen R. van den Berg
2008-08-13 18:08 ` Shawn O. Pearce
2008-08-14 0:10 ` Stephen R. van den Berg
2008-08-14 0:57 ` Shawn O. Pearce
2008-08-14 7:13 ` Stephen R. van den Berg
2008-08-14 9:15 ` Andreas Ericsson
2008-08-14 9:51 ` Stephen R. van den Berg
2008-08-14 17:24 ` david
2008-08-14 17:18 ` david
2008-08-14 21:00 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080813164038.GE3782@spearce.org \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=srb@cuci.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).