On the master, we have users and roles, but I really don't want to drag Redback into the build agent and require a database.
Starting out with a simple shared secret sounds good -- even if it's in plain text in the client config, I'm already planning to use https:// urls so it wouldn't be going in plain text over the wire. I'm not familiar enough with client ssl certs. How would this work? (My experience runs to chasing down missing intermediate and self-signed certificates and installing them with keytool so a simple https:// connection will work.) Is it something that would be available by configuring the server and client JVMs, outside of anything we'd have to do in Continuum itself? Thanks, -- Wendy On Mon, Jan 19, 2009 at 1:15 PM, Christian Edward Gruber <[email protected]> wrote: > The simple answer would be a shared secret, provided in the configuration of > the agent. So long as the master can provide the shared secret to the > agent, it'll respond appropriately. Client-ssl certs could work, though > recent root-certificate-authority hacks may make that less than perfect. > But ultimately, I think the same sorts of auth options that any web-app has > available to it could be used, so long as nothing is sent in clear-text.
