* rahul <[EMAIL PROTECTED]> [2008-03-06 14:21]: > Hi, > I have posted the diff for allowing pkgsend to ask for user > credentials and using basic auth at > http://defect.opensolaris.org/bz/show_bug.cgi?id=689 > > I would like to get some comments on this bug, especially accepting > the credentials from the user. > > Other than the approach taken the other alternatives are: > > 1) cvs/svn like .pkg directory/file where the auth info is stored > > 2) allow user to specify a username and a password file as parameters > > 3) allow user to specify a username and a password file as environment > values. > > 4) allow only signed packages? (would require changes at pkg.depot too,) > > > > The current implementation was tested on a Sun Java System Webproxy > configured as a secure reverse proxy with acls to protect /open.* alone.
I don't like this approach very much, since it ignores that we need a set of publication authorizations on the server side. I would much rather see an authenticated transaction between pkgsend and pkg.depotd, perhaps similar to the approach taken in WCAP. That is, the client asks for a transaction handle for its credential, the server sends a challenge, the client responds, and then the server sends a valid token. This would make sufficient change on both sides that a later developer could start to separate the publication authorizations into more fine-grained groups... With a challenge-response model, securing the transport may be treated separately and trusted intermediate proxies can be ignored. - Stephen -- [EMAIL PROTECTED] http://blogs.sun.com/sch/ _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
