From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: "Shawn O. Pearce" <spearce@spearce.org>,
"Rémi Vanicat" <vanicat@debian.org>,
git@vger.kernel.org
Subject: Re: [Wishlist] could git tell which password it is asking when asking a password.
Date: Fri, 1 Jul 2011 16:46:24 -0400 [thread overview]
Message-ID: <20110701204624.GA32731@sigill.intra.peff.net> (raw)
In-Reply-To: <7v62nmos0k.fsf@alter.siamese.dyndns.org>
On Fri, Jul 01, 2011 at 10:00:27AM -0700, Junio C Hamano wrote:
> > It would be interesting also to plug some sort of password-safe unto
> > git, or some "git-agent".
>
> I am not particularly interested in seeing git specific agent. Something
> that can be called as an external process that talks with existing
> practices (gpg agent and friends) would be nice.
Coincidentally, I am working on a big patch series for exactly this.
It is still lacking some docs and tests, but if you want to take a peek,
it's at:
https://github.com/peff/git.git jk/http-auth
It runs external credential helpers, giving them a unique context (like
the protocol and hostname for http connections), as well as a username,
if we already have one. The goal is two-fold:
1. Plug into existing password wallets that are going to be
user- and OS- specific.
2. Provide a few stock helpers to implement simple policies in a
pluggable way.
Right now I have two helpers: "store", and "cache". Both will check
internal storage for a password; if we don't have one, they will prompt
and put the result in internal storage. In either case, the password is
sent back to git. They differ in what "internal storage" means.
In the case of "store", it is a mode 600 ~/.git-credentials file. Yes,
this is horribly insecure. But it's what some people want, it's no worse
than .netrc, and it's what svn does (and what gitter wouldn't be swayed
by that last argument? :) ). It's a little more friendly than netrc
because the storage happens transparently. I think the docs for this
should discourage it because of the security implications, and it should
definitely never become the default.
For "cache", we fork off a storage daemon which keeps the password in
memory for a specified period of time. The password never touches the
disk. It doesn't mlock() right now, but it could on platforms that
support it.
Both are obviously mediocre solutions in comparison to a real password
wallet[1]. But they're really simple to implement and give us a better
baseline to ship with git. I'm hoping users of individual keychains will
implement helpers to use them. Somebody from GitHub is going to work on
an OS X keychain helper. I personally use a home-grown password safe;
writing a read-only helper was about 10 lines of shell code.
Anyway, if people want to try it out, build the branch I mentioned above
and configure it like:
# horribly insecure
git config http.credentialhelper store
or
# a little better
git config http.credentialhelper cache
# we will now cache results for 15 minutes, but there's no reason not
# to store the username all the time, to avoid having to type it on a
# cache miss
git config credential.https:github.com.username peff
I've been using it for the past week or so, but I'm sure there are
lurking bugs. If you run into any, let me know.
-Peff
[1] Obviously this entire exercise is an attempt to make https
authentication as nice a user-experience as ssh with keys and ssh-agent.
So it's tempting to say "just use ssh with keys". But I think the
reality is that ssh and keys are just too challenging for a subset of
the user population (especially ones on operating systems without good
support). Apparently GitHub's most common tech support issues are people
unable to figure out how to make ssh keys, set up an agent, etc.
next prev parent reply other threads:[~2011-07-01 20:46 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-01 13:59 [Wishlist] could git tell which password it is asking when asking a password Rémi Vanicat
2011-07-01 17:00 ` Junio C Hamano
2011-07-01 17:16 ` Junio C Hamano
2011-07-01 17:18 ` Shawn Pearce
2011-07-01 17:50 ` Junio C Hamano
2011-07-01 19:25 ` Rémi Vanicat
2011-07-01 20:01 ` Ted Zlatanov
2011-07-01 20:30 ` Junio C Hamano
2011-07-01 20:48 ` Jeff King
2011-07-01 20:46 ` Jeff King [this message]
2011-07-01 17:04 ` Ted Zlatanov
2011-07-14 14:05 ` encrypted netrc for Git (was: [Wishlist] could git tell which password it is asking when asking a password.) Ted Zlatanov
2011-07-14 15:00 ` Jeff King
2011-07-15 17:08 ` encrypted netrc for Git Ted Zlatanov
2011-07-15 21:05 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110701204624.GA32731@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=spearce@spearce.org \
--cc=vanicat@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).