Mark Hammond schrieb:
Chris quoting Jim:


I would support HTTP anonymous checkouts.  I'm really against
writable HTTP checkouts because I consider the credentials
mechanism for HTTP access to be extremely lame.

whether SVN or not, I'm guessing any use of HTTP basic authentication
mechanism qualifies as "extremely lame"!  I've no idea if this is what Jim
meant though :)

Well, I hope ;) he meant client certificates. This is doable but a bit
of work for the certificate people to issue one to the user in addition
to the ssh-pubkey stuff. Not actually quite in line w/ what you should
do as a CA but possible and not more insecure then current ssh-pubkey
auth would be a script which can be run with the ssh-useraccount
and produces/registeres a given client certificate for that user.

Something like: ssh generate >mycert.csr
when your ssh-pubkey is set up.

And likewise ssh retract <mycurrentcert.csr
to disable a given client certificate.

Just some mad ideas...


PS: there is no need to have an official CA, any private setup would do.
Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to