On 2013-08-11 14:49, Chad Perrin wrote:
Thanks for all your information about issues related to axTLS.  Not
everything you said warrants a specific response from me, but the
"thanks" is my general response for everything to which I do not
[snip]

Much simpler provided that all you need/want is cmdline access.
With the standard ssh functionality you can get by. The only minor thing
in that setup is that the log is not recording the user that did
clone/sync/pull/push but the fossil owner. I guess that is easy enough
to fix. But do use forced commands, otherwise people can gain access to
the fossil account. If you so wish to prevent logins. Or prevent logins
by using the shell /bin/nologin.

Err . . . wait.  Is it not logging the *user*, or just the IP address?
What would it log in place of the actual authenticated Fossil user
account that initiated the sync?

The user in the current ssh functionality is not authenticated against fossil. And in a single user setup that makes sense. In most cases an ssh key has a 1 on 1 relation with the unix account. In which case having the ssh key is OK and logging in to fossil is redundant. And since you are the owner of that account, you already have the highest level of capabilities. Logging the owner makes perfect sense because of this 1 on 1 relationship.

However, if you're going to break that relation by having n keys on 1 account then, I presume, you're doing something with fossil which wasn't designed.

--
Rene
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
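
The thread's advice to use forced commands when several keys share one fossil account can be checked mechanically. The following is an added example, not code from the thread or from Fossil: it audits an `authorized_keys` file and reports keys that lack `command=` or the options that block a pty and port forwarding. The wrapper path `/usr/local/bin/fossil-wrapper`, the user names and the key blobs are constructed placeholders.

```python
import re

# Key-type tokens that can start an authorized_keys entry with no options.
KEY_TYPE = re.compile(
    r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[a-z0-9-]+@openssh\.com)$")
WANTED = ("command", "no-pty", "no-port-forwarding")

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys line."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line                      # entry has no options field
    opts, buf, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote and line[i + 1:i + 2] == '"':
            buf += '"'; i += 2; continue     # escaped quote inside a value
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:
            opts.append(buf); buf = ""
        elif ch.isspace() and not in_quote:
            break                            # end of the options field
        else:
            buf += ch
        i += 1
    opts.append(buf)
    parsed = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        parsed[name.lower()] = value
    return parsed, line[i:].strip()

def audit(text):
    """Return [(line number, key comment, missing options)] for weak entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        # OpenSSH's "restrict" turns off pty and forwarding in one option.
        missing = [w for w in WANTED if w not in opts
                   and not (w != "command" and "restrict" in opts)]
        if missing:
            fields = rest.split()
            findings.append((n, fields[-1] if len(fields) > 2 else "?", missing))
    return findings

SAMPLE = '''\
# constructed sample; key blobs are placeholders, not real keys
command="/usr/local/bin/fossil-wrapper alice",no-pty,no-port-forwarding ssh-ed25519 AAAAC3placeholderA alice@example
ssh-ed25519 AAAAC3placeholderB bob@example
restrict,command="/usr/local/bin/fossil-wrapper carol" ssh-ed25519 AAAAC3placeholderC carol@example
no-pty ssh-rsa AAAAB3placeholderD dave@example
'''
```

A per-key argument in the forced command, as in the constructed entries, is one way for a wrapper to tell the keys on a shared account apart; how it records that is left to the wrapper.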