Re: [gitorious] Kerberos authentication

Marius Mårnes Mathiesen Tue, 17 Apr 2012 01:32:14 -0700

Ken,
Great work! I know next to nothing about Kerberos, but it's been on my todo
list for a while to investigate how to support it in Gitorious.

I see that you had to do quite some legwork to allow for an authentication
API that doesn't require an explicit username and password. I'd really
prefer a single authentication API than branching logic in the client code.

The authentication modules probably should take a single parameter, not an
explicit username/password combination. This way, "your" module would
receive the HTTP request as its parameter to authenticate (instead of the
separate authenticate_http method). We'll just wrap the existing email
address/password combination into an object and pass that to the other
authentication modules, eg.:

module Gitorious
  module Authentication
    class DatabaseAuthentication
      def authenticate(credentials)
        User.authenticate(credentials.username, credentials.password)
      end
    end
  end
end

I'm thinking that this would make your code even easier to read, what do
you think?

And again: thanks! We really appreciate this.

Cheers,
- Marius

On Fri, Apr 13, 2012 at 1:52 AM, Ken Dreyer <ktdre...@ktdreyer.com> wrote:

> On Wed, Apr 11, 2012 at 8:10 PM, Ken Dreyer <ktdre...@ktdreyer.com> wrote:
> > I recently hacked Kerberos authentication onto the Gitorious web
> interface.
>
> I ended up implementing this in a less hackish way, with a proper
> Gitorious::Authentication::KerberosAuthentication module. The core
> code changes are not as daunting now.
>
> I added a "authenticate_http" method to the main
> Gitorious::Authentication module, to support authentication modules
> that do not use a username+password combination.
>
> Lastly, I added an "http" method to the sessions controller, which
> will handle single sign-on authentication.
>
> Patch against master is attached.
>
> --
> To post to this group, send email to gitorious@googlegroups.com
> To unsubscribe from this group, send email to
> gitorious+unsubscr...@googlegroups.com
>

-- 
Marius Mårnes Mathiesen
Rubyist, Shortcut AS
Tel.: (+47) 92 60 95 38.

http://shortcut.no

-- 
To post to this group, send email to gitorious@googlegroups.com
To unsubscribe from this group, send email to
gitorious+unsubscr...@googlegroups.com

Re: [gitorious] Kerberos authentication

Reply via email to