Hi,
I'm wondering if optional password manager support would be a welcome
addition to fossil. It does a good job of managing its own passwords
internally but I have a setup where the users / passwords are actually
system accounts and the remote HTTPS server hosting the repository uses a
PAM module (http://en.wikipedia.org/wiki/Pluggable_authentication_module)
to check credentials sent using the HTTP basic authorization mechanism. The
repositories on the server are configured to use "external" authorization.

I've been experimenting with gnome-keyring and the latest fossil source
release such that if the server sends back a 401 error code the user is
prompted for a username & password that will get them past the HTTP server
and then stores the credentials and info in the gnome-keyring in accordance
with the network password schema. During subsequent invocations of fossil
the keyring is checked for credentials and if they are present they're
appended to the HTTP request header so the server can authenticate the
request.

This has the advantage that system account info isn't stored in the local
fossil DB if a user wants the password to be remembered. User permissions
for the development team on the central repository are easy to manage.
Also, the keyring can be locked when not in use. I realize not everybody
uses the Gnome Desktop. But, the concept could be extended to support OSX
Keychain, KDE Wallet, or the Windows equivalent.

Gnome Keyring doc reference:

https://developer.gnome.org/gnome-keyring/unstable/gnome-keyring-Simple-Password-Storage.html

Any comments?

Regards,
Dave
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
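
The lookup step described in the message above, as an added example that is not code from the post or from fossil: credentials are attached to a request only when the protocol, server and port match a stored entry exactly, and never over plain HTTP, since Basic authorization is only base64-encoded. The in-memory keyring array, the net_cred struct, the function names and the sample host and credentials are constructed stand-ins for a real keyring lookup.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a keyring item; the fields mirror the
 * protocol/server/port/user attributes of a network-password entry. */
struct net_cred { const char *protocol, *server; int port; const char *user, *password; };

/* Constructed sample keyring contents (not real credentials). */
static const struct net_cred keyring[] = {
    { "https", "repo.example.org", 443, "dave", "s3cret" },
};

/* Base64-encode n bytes of in into out (needs 4*((n+2)/3)+1 bytes). */
static void b64(const unsigned char *in, size_t n, char *out) {
    static const char t[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, o = 0;
    for (i = 0; i < n; i += 3) {
        unsigned v = in[i] << 16;
        if (i + 1 < n) v |= in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = t[(v >> 18) & 63];
        out[o++] = t[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? t[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? t[v & 63] : '=';
    }
    out[o] = '\0';
}

/* Write an "Authorization: Basic ..." line into hdr on an exact match.
 * Returns 1 if written, 0 if the request must go out without credentials
 * (no matching entry, non-HTTPS target, or buffer too small). */
int auth_header_for(const char *protocol, const char *server, int port, char *hdr, size_t hdrlen) {
    char pair[128], enc[176];
    size_t i;
    if (strcmp(protocol, "https") != 0) return 0; /* never send Basic auth without TLS */
    for (i = 0; i < sizeof keyring / sizeof keyring[0]; i++) {
        const struct net_cred *c = &keyring[i];
        if (strcmp(c->protocol, protocol) || strcmp(c->server, server) || c->port != port) continue;
        int n = snprintf(pair, sizeof pair, "%s:%s", c->user, c->password);
        if (n < 0 || (size_t)n >= sizeof pair) return 0; /* refuse truncated credentials */
        b64((const unsigned char *)pair, (size_t)n, enc);
        n = snprintf(hdr, hdrlen, "Authorization: Basic %s\r\n", enc);
        return n > 0 && (size_t)n < hdrlen;
    }
    return 0;
}

int main(void) {
    char h[256];
    return auth_header_for("https", "repo.example.org", 443, h, sizeof h) ? (fputs(h, stdout), 0) : 1;
}
```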
