From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Andreas Krey <a.krey@gmx.de>
Cc: Nguyen Thai Ngoc Duy <pclouds@gmail.com>, git@vger.kernel.org
Subject: Re: [RFC 0/2] Git-over-TLS (gits://) client side support
Date: Wed, 13 Jan 2010 22:47:32 +0200
Message-ID: <20100113204732.GB8383@Knoppix>
In-Reply-To: <20100113194050.GA11688@inner.home.ulmdo.de>

On Wed, Jan 13, 2010 at 08:40:50PM +0100, Andreas Krey wrote:
> On Wed, 13 Jan 2010 21:18:02 +0000, Ilari Liusvaara wrote:
> ...
> > That feature is grossly underdocumented (and also nonportable). Unix(7)
> > should document it, except that it doesn't for me (it documents that
> > SO_PASSCRED takes a boolean, except that what the server implementation
> > passes is something completely different).
>
> Actually, I meant how you plan to map credentials (however obtained)
> into allowed actions inside git-daemon (or the hooks).

It's actually git-daemon2. And it doesn't authorize anything, only delegates
the authorization (e.g. to gitolite).

> ...
> > And how many (relative) use client certificates with SSL? Keypairs with SSH?
> > Why do you think this is?
>
> Because ssh is much more popular than ssl client auth. Obtaining client
> certificates isn't much more complicated than getting an ssh account,
> once you have scripts for the stuff ready.

SSL client certificate usability is horrible. SSH keypairs are actually
almost usable.

> But I wonder: When you want keypair auth, why not just use ssh?

IIRC, I already have told at least twice...

> I didn't quite understand the use case yet, it seems. With ssh
> I have all the infrastructure like ssh-agent in place already;
> with gits: (any kind of) it will be asked for sooner or later.

gpg-agent can be used (since client uses gpg to protect the keys
if needed).

-Ilari