Re: [fossil-users] Multiple Repos: single sign on
On Sat, Mar 12, 2011 at 9:36 PM, Nathaniel R. Reindl wrote: > The only problem with this is that an HTTP client will implement > internal session handling inconsistently from another HTTP client. > The implication of this is that, while you can log in using basic or > digest HTTP authentication -- whether over SSL or otherwise -- you > lack the ability to log out. If clients are violating the rules of HTTP Digest Authentication, then I suppose it would be necessary to implement an alternate authentication extension for the webserver. Either that or enhance Fossil to provide a means for multiple repositories on the same server to share authentication credentials. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Multiple Repos: single sign on
On Tue, Mar 8, 2011 at 2:29 PM, Ron Wilson wrote: > I think the best way is to set up Fossil to run as a CGI under a > webserver and let the webserver take care of authentication of user > ids. If you do this, you should set up the webserver to require HTTPS > seesions because even HTTP Hash Authentication is weakly secure. The only problem with this is that an HTTP client will implement internal session handling inconsistently from another HTTP client. The implication of this is that, while you can log in using basic or digest HTTP authentication -- whether over SSL or otherwise -- you lack the ability to log out. That's just as much a security point in itself as the method by which information is transmitted between two parties. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Multiple Repos: single sign on
On Sun, Mar 6, 2011 at 8:05 AM, David Bovill wrote: > I'm trying to set up multiple repositories on a server, and have a few > questions. Is there anyway to share logins and/or access across multiple > hosted repos? The only way I can think of doing it is scripting something on > the command line to iterate through each repository? I think the best way is to set up Fossil to run as a CGI under a webserver and let the webserver take care of authentication of user ids. If you do this, you should set up the webserver to require HTTPS seesions because even HTTP Hash Authentication is weakly secure. Each repository would continue to have its own per user permissions. I think that the default permissions will be those for anonymous. Any users needing more permissions than those on a given repo will have to explicitly assigned in Fossil on a per repo basis. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users