On Fri, Aug 24, 2012 at 3:59 AM, Stuart Hughes <[email protected]> wrote: > Hi Mike, > > On the authentication stuff, it depends what you mean. If you want to > restrict access you could do this on the server side and use Apache "allow > from" clauses, another mechanism would be to use one of the HTTP auth > methods, basic (which is almost useless) or md5, which isn't bad. The other > thing you could do is to use a server side script. For example, the LTIB > GPP access is intercepted by mod_rewrite and a script is run, this is used > to limit the bandwidth per hour per IP requests. You could do something > similar for auth. > > I'm a bit wary about adding any auth mechanism into LTIB, because whichever > one is put in, it won't be the one user xyz wants, so that will get added > and it could all get horribly out of control. However, I've no real > objections to adding %ppp_opts etc. It really depends on what you intend to > do with them. What kind of auth mechanism did you have in mind?
I was planning to use one of the server side authentication methods since I don't think wget provides much else. Then use options like --http-user= and --http-password=. Will also use --no-check-certificate else wget bails on self-signed certs, > So far as WGETRC goes, this is another tricky issue. On the one hand I > don't really want to prevent people having some control by setting this to > some override value that doesn't kill LTIB, on the other hand you're right > that potentially bad values could cause it to kill ltibs wgets. Updating the documentation may be sufficient. Probably a good point to bring up when some have trouble downloading from ltib. > Regards, Stuart > > > On 23/08/12 13:36, Mike Goins wrote: >> >> I maintain a local gpp and ppp. I use the gpp for FOSS items and keep >> a few vendor items in the ppp. This allows the gpp to be publicly >> available, but the ppp is only accessible on the company network. >> However, I would like to put some sort of authentication on the ppp >> and make it external facing. This would allow moving my continuous >> integration systems off-site. >> >> There doesn't appear to any method to put credentials in ltib, so I am >> looking at a way to add. What I have come up with so far. >> >> Add new configs to .ltibrc to allow site specific opts: >> %gpp_opts >> %ppp_opts >> >> In get_remote_file(), since it iterates over the pp list, append these >> options to the wget_opts. >> >> >> Seem OK? Has anyone else used or tried authentication? >> >> >> Side note: Shouldn't ltib be setting the WGETRC environment variable >> anyway, even if to a non-existent location? ltib uses the host built >> /opt/ltib/usr/bin/wget, so it would seem prudent to avoid getting the >> user's .wgetrc which may interfere with the the parameters ltib has >> set up or add parameters that ltib "skips". >> >> > _______________________________________________ LTIB home page: http://ltib.org Ltib mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/ltib
