On Wed, Aug 13, 2008 at 06:36:46PM +0200, Petr Baudis wrote:
On Wed, Aug 13, 2008 at 06:26:44PM +0200, Stephen R. van den Berg wrote:
What are the opinions on adding a basic challenge-response type
authentication mechanism to the native git protocol?
I.e. the authentication would be a simple one, which uses
SHA1 (surprise ;-) to actually encrypt username/password/salt
and authenticate the user.
In the past, such an idea was dismissed with desire not to reimplement
something ssh already implemented, and much better than we would.
The problem is that ssh ties you in very closely with the ability to
log into the machine. It's also hard to limit what ssh allows while
still allowing some users more priveleges.
But, this problem comes up with other protocols that use ssh for
authentication as well, so perhaps the solution is to fix the problems
with ssh to allow it to more securely allow non-login services.
David
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
