rahul wrote: > Hi, > I have posted the diff for allowing pkgsend to ask for user > credentials and using basic auth at > http://defect.opensolaris.org/bz/show_bug.cgi?id=689 > > I would like to get some comments on this bug, especially accepting > the credentials from the user. > > Other than the approach taken the other alternatives are: > > 1) cvs/svn like .pkg directory/file where the auth info is stored > > 2) allow user to specify a username and a password file as parameters > > 3) allow user to specify a username and a password file as environment > values. > > 4) allow only signed packages? (would require changes at pkg.depot too,)
Can we make sure that this is ONLY done over https connections please otherwise it is sending clear text passwords over the wire. Why is this hand coded rather than using urllib2.HTTPBasicAuthHandler ? It would be nice to also see HTTPDigestAuthHandler supported added too. Sample code is on page 503 of the Python in an Nutshell book. Also is it going to ask for creds for every package being sent or just once ? It would be very helpful to be able to read the creds from a file (NOT as CLI arguments or environment variables for the password, the username can be a cli argument or in the URL). -- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
