On 2019-10-17 at 14:33:38, Ralph Ewig wrote: > Quick follow up question: can the git client pass > a token read from a cookie with a request? That > would enable users to sign-in via a browser, store > the cookie, and then use that as the access token > to authenticate a git request.
Git has an option, http.cookieFile, that can read a cookie from a file, yes. That does, of course, require that you're able to put the cookie in a file from a web browser. I'm not aware of any web browsers that easily provide an option to dump cookies into a file. Also, just as a note, this approach definitely won't work for automated systems you have, such as CI systems. That's why I suggested Kerberos: because you can have services that have principals and you can use those credentials in your CI systems to access code and run jobs. Clearly you know your infrastructure and users better than I do, but I don't recommend having a web-based sign-on as your only form of authentication for a Git server. It's going to cause a lot of pain and inconvenience on all sides. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature
