From: David Brown <git@davidb.org>
To: Petr Baudis <pasky@suse.cz>
Cc: "Stephen R. van den Berg" <srb@cuci.nl>, git <git@vger.kernel.org>
Subject: Re: [RFC] Adding a challenge-response authentication method to git://
Date: Thu, 14 Aug 2008 00:48:05 -0700 [thread overview]
Message-ID: <20080814074805.GA21577@linode.davidb.org> (raw)
In-Reply-To: <20080813163646.GO32184@machine.or.cz>
On Wed, Aug 13, 2008 at 06:36:46PM +0200, Petr Baudis wrote:
>On Wed, Aug 13, 2008 at 06:26:44PM +0200, Stephen R. van den Berg wrote:
>> What are the opinions on adding a basic challenge-response type
>> authentication mechanism to the native git protocol?
>> I.e. the authentication would be a simple one, which uses
>> SHA1 (surprise ;-) to actually encrypt username/password/salt
>> and authenticate the user.
>
>In the past, such an idea was dismissed with desire not to reimplement
>something ssh already implemented, and much better than we would.
The problem is that ssh ties you in very closely with the ability to
log into the machine. It's also hard to limit what ssh allows while
still allowing some users more priveleges.
But, this problem comes up with other protocols that use ssh for
authentication as well, so perhaps the solution is to fix the problems
with ssh to allow it to more securely allow non-login services.
David
next prev parent reply other threads:[~2008-08-14 8:18 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-13 16:26 [RFC] Adding a challenge-response authentication method to git:// Stephen R. van den Berg
2008-08-13 16:36 ` Petr Baudis
2008-08-14 7:48 ` David Brown [this message]
2008-08-14 8:23 ` Petr Baudis
2008-08-14 11:07 ` Stephen R. van den Berg
2008-08-14 11:39 ` Petr Baudis
2008-08-14 12:14 ` Stephen R. van den Berg
2008-08-13 16:40 ` Shawn O. Pearce
2008-08-13 17:37 ` Stephen R. van den Berg
2008-08-13 18:08 ` Shawn O. Pearce
2008-08-14 0:10 ` Stephen R. van den Berg
2008-08-14 0:57 ` Shawn O. Pearce
2008-08-14 7:13 ` Stephen R. van den Berg
2008-08-14 9:15 ` Andreas Ericsson
2008-08-14 9:51 ` Stephen R. van den Berg
2008-08-14 17:24 ` david
2008-08-14 17:18 ` david
2008-08-14 21:00 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080814074805.GA21577@linode.davidb.org \
--to=git@davidb.org \
--cc=git@vger.kernel.org \
--cc=pasky@suse.cz \
--cc=srb@cuci.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).