On Fri, Jul 01, 2011 at 10:00:27AM -0700, Junio C Hamano wrote: > > It would be interesting also to plug some sort of password-safe unto > > git, or some "git-agent". > > I am not particularly interested in seeing git specific agent. Something > that can be called as an external process that talks with existing > practices (gpg agent and friends) would be nice. Coincidentally, I am working on a big patch series for exactly this. It is still lacking some docs and tests, but if you want to take a peek, it's at: https://github.com/peff/git.git jk/http-auth It runs external credential helpers, giving them a unique context (like the protocol and hostname for http connections), as well as a username, if we already have one. The goal is two-fold: 1. Plug into existing password wallets that are going to be user- and OS- specific. 2. Provide a few stock helpers to implement simple policies in a pluggable way. Right now I have two helpers: "store", and "cache". Both will check internal storage for a password; if we don't have one, they will prompt and put the result in internal storage. In either case, the password is sent back to git. They differ in what "internal storage" means. In the case of "store", it is a mode 600 ~/.git-credentials file. Yes, this is horribly insecure. But it's what some people want, it's no worse than .netrc, and it's what svn does (and what gitter wouldn't be swayed by that last argument? :) ). It's a little more friendly than netrc because the storage happens transparently. I think the docs for this should discourage it because of the security implications, and it should definitely never become the default. For "cache", we fork off a storage daemon which keeps the password in memory for a specified period of time. The password never touches the disk. It doesn't mlock() right now, but it could on platforms that support it. Both are obviously mediocre solutions in comparison to a real password wallet[1]. But they're really simple to implement and give us a better baseline to ship with git. I'm hoping users of individual keychains will implement helpers to use them. Somebody from GitHub is going to work on an OS X keychain helper. I personally use a home-grown password safe; writing a read-only helper was about 10 lines of shell code. Anyway, if people want to try it out, build the branch I mentioned above and configure it like: # horribly insecure git config http.credentialhelper store or # a little better git config http.credentialhelper cache # we will now cache results for 15 minutes, but there's no reason not # to store the username all the time, to avoid having to type it on a # cache miss git config credential.https:github.com.username peff I've been using it for the past week or so, but I'm sure there are lurking bugs. If you run into any, let me know. -Peff [1] Obviously this entire exercise is an attempt to make https authentication as nice a user-experience as ssh with keys and ssh-agent. So it's tempting to say "just use ssh with keys". But I think the reality is that ssh and keys are just too challenging for a subset of the user population (especially ones on operating systems without good support). Apparently GitHub's most common tech support issues are people unable to figure out how to make ssh keys, set up an agent, etc. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html