On Sat, Feb 1, 2014 at 1:29 PM, Andy Bradford amb-fos...@bradfords.orgwrote:
Thus said Andy Bradford on 01 Feb 2014 10:04:23 -0700:
Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
How does fossil authenticate with a server, does it send the
password plaintext? HTTP
I've been using basic auth over https for quite a while now. In my
deployment it's undesirable to use fossil's built in password storage
mechanism because I have other services running behind the http server and
on the server side it's convenient to have 1 password back-end for ssh /
http /
On 1 Feb 2014, at 05:03, Andy Bradford amb-fos...@bradfords.org wrote:
If everyone else agrees that this is a good idea (automatically sending
HTTP Authorization in response to 401)
How does fossil authenticate with a server, does it send the password
plaintext? HTTP Basic Auth does!
I'm
On Sat, Feb 1, 2014 at 2:14 AM, Kevin Martin ke...@khn.org.uk wrote:
On 1 Feb 2014, at 05:03, Andy Bradford amb-fos...@bradfords.org wrote:
If everyone else agrees that this is a good idea (automatically sending
HTTP Authorization in response to 401)
How does fossil authenticate with
Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
How does fossil authenticate with a server, does it send the password
plaintext? HTTP Basic Auth does!
It's not encrypted, no, only base64 encoded.
I'm not sure whether this should just happen by default unless the
connection
Thus said Matt Welland on Sat, 01 Feb 2014 08:52:56 -0700:
In my opinion fossil should prompt the user for username/password as
appropriate on receipt of a 401. If the channel is not ssl then a
warning/are you sure would be a good idea.
Would the username/password for this
Thus said Andy Bradford on 01 Feb 2014 10:04:23 -0700:
Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
How does fossil authenticate with a server, does it send the
password plaintext? HTTP Basic Auth does!
It's not encrypted, no, only base64 encoded.
It seems I
Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
I'm not sure whether this should just happen by default unless the
connection is HTTPS as defaulting to sending plaintext auth data over
HTTP seems like a bad idea.
Agreed. It should not happen automatically when the data will
Thus said Tal Yardeni on Wed, 29 Jan 2014 08:31:09 -0700:
I think fossil should automatically detect the 401 and respond
accordingly.
This turned out to be much simpler than I initially thought... I have
just committed a change that makes Fossil automatically resend the
On Wed, Jan 29, 2014 at 10:44 AM, Andy Bradford amb-fos...@bradfords.orgwrote:
Thus said Kevin Martin on Wed, 29 Jan 2014 09:50:05 +:
...
I'd like to use basic auth and fossil auth with different
users/passwords.
This currently does not work. I've actually done some
Thus said Ron Wilson on Thu, 30 Jan 2014 16:57:58 -0500:
What part seems to be the problems?
I'm not sure there is a problem, but there have been some
suggestions/questions about how Fossil could handle disparate usernames
(e.g. the HTTP Authenticated user is not the same
On 29 Jan 2014, at 06:59, Andy Bradford amb-fos...@bradfords.org wrote:
I've just started a branch for exploring a different way to enable the
use of HTTP Authorization headers in requests:
I don't quite understand this, does it use basic authentication instead of
fossil authentication?
I think fossil should automatically detect the 401 and respond accordingly.
It is a reasonably standard status code from them web server.
I would also like to see fossil automatically picking up the username from
the shell, as long as we're dreaming :)
Thanks,
Tal
On Tue, Jan 28, 2014 at 11:59
Thus said Kevin Martin on Wed, 29 Jan 2014 09:50:05 +:
I don't quite understand this, does it use basic authentication
instead of fossil authentication? How does the fossil server process
know which user you are?
Currently Fossil inspects the REMOTE_USER environment variable
Thus said Kevin Martin on Wed, 29 Jan 2014 09:50:05 +:
I don't quite understand this, does it use basic authentication
instead of fossil authentication? How does the fossil server process
know which user you are?
I realize that my last response to these questions was
Hello,
I've just started a branch for exploring a different way to enable the
use of HTTP Authorization headers in requests:
http://www.fossil-scm.org/index.html/info/e747041a72
Of course, removing the special character as a flag to enable HTTP Auth
could potentially break some users who
16 matches
Mail list logo