[Zope-dev] Re: http access to svn repos?
Tino Wildenhain
tino at wildenhain.de
Wed Mar 8 08:15:19 EST 2006
Mark Hammond schrieb:
> Chris quoting Jim:
>
>
...
>
>>I would support HTTP anonymous checkouts. I'm really against
>>writable HTTP checkouts because I consider the credentials
>>mechanism for HTTP access to be extremely lame.
>
>
> whether SVN or not, I'm guessing any use of HTTP basic authentication
> mechanism qualifies as "extremely lame"! I've no idea if this is what Jim
> meant though :)
Well, I hope ;) he meant client certificates. This is doable but a bit
of work for the certificate people to issue one to the user in addition
to the ssh-pubkey stuff. Not actually quite in line w/ what you should
do as a CA but possible and not more insecure then current ssh-pubkey
auth would be a script which can be run with the ssh-useraccount
and produces/registeres a given client certificate for that user.
Something like: ssh cert.zope.org generate >mycert.csr
when your ssh-pubkey is set up.
And likewise ssh cert.zope.org retract <mycurrentcert.csr
to disable a given client certificate.
Just some mad ideas...
Regards
Tino
PS: there is no need to have an official CA, any private setup would do.
More information about the Zope-Dev
mailing list