[Zope-dev] Re: http access to svn repos?

Tino Wildenhain tino at wildenhain.de
Wed Mar 8 08:15:19 EST 2006


Mark Hammond schrieb:
> Chris quoting Jim:
> 
> 
...
> 
>>I would support HTTP anonymous checkouts.  I'm really against
>>writable HTTP checkouts because I consider the credentials
>>mechanism for HTTP access to be extremely lame.
> 
> 
> whether SVN or not, I'm guessing any use of HTTP basic authentication
> mechanism qualifies as "extremely lame"!  I've no idea if this is what Jim
> meant though :)

Well, I hope ;) he meant client certificates. This is doable but a bit
of work for the certificate people to issue one to the user in addition
to the ssh-pubkey stuff. Not actually quite in line w/ what you should
do as a CA but possible and not more insecure then current ssh-pubkey
auth would be a script which can be run with the ssh-useraccount
and produces/registeres a given client certificate for that user.

Something like: ssh cert.zope.org generate >mycert.csr
when your ssh-pubkey is set up.

And likewise ssh cert.zope.org retract <mycurrentcert.csr
to disable a given client certificate.

Just some mad ideas...

Regards
Tino

PS: there is no need to have an official CA, any private setup would do.


More information about the Zope-Dev mailing list