Thus said Matt Welland on Sat, 01 Feb 2014 08:52:56 -0700:
> In my opinion fossil should prompt the user for username/password as
> appropriate on receipt of a 401. If the channel is not ssl then a
> warning/are you sure would be a good idea.
Please try the latest from the http-auth branch
I've been using basic auth over https for quite a while now. In my
deployment it's undesirable to use fossil's built in password storage
mechanism because I have other services running behind the http server and
on the server side it's convenient to have 1 password back-end for ssh /
http / various
On Sat, Feb 1, 2014 at 1:29 PM, Andy Bradford wrote:
> Thus said "Andy Bradford" on 01 Feb 2014 10:04:23 -0700:
>
> > Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
> >
> > > How does fossil authenticate with a server, does it send the
> > > password plaintext? HTTP Basic Auth
Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
> I'm not sure whether this should just happen by default unless the
> connection is HTTPS as defaulting to sending plaintext auth data over
> HTTP seems like a bad idea.
Agreed. It should not happen automatically when the data wil
Thus said "Andy Bradford" on 01 Feb 2014 10:04:23 -0700:
> Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
>
> > How does fossil authenticate with a server, does it send the
> > password plaintext? HTTP Basic Auth does!
>
> It's not encrypted, no, only base64 encoded.
It seems
Thus said Matt Welland on Sat, 01 Feb 2014 08:52:56 -0700:
> In my opinion fossil should prompt the user for username/password as
> appropriate on receipt of a 401. If the channel is not ssl then a
> warning/are you sure would be a good idea.
Would the username/password for this authoriza
Thus said Kevin Martin on Sat, 01 Feb 2014 09:14:20 +:
> How does fossil authenticate with a server, does it send the password
> plaintext? HTTP Basic Auth does!
It's not encrypted, no, only base64 encoded.
> I'm not sure whether this should just happen by default unless the
> connectio
On Sat, Feb 1, 2014 at 2:14 AM, Kevin Martin wrote:
>
> On 1 Feb 2014, at 05:03, Andy Bradford wrote:
>
> > If everyone else agrees that this is a good idea (automatically sending
> > HTTP Authorization in response to 401)
>
> How does fossil authenticate with a server, does it send the passw
On 1 Feb 2014, at 05:03, Andy Bradford wrote:
> If everyone else agrees that this is a good idea (automatically sending
> HTTP Authorization in response to 401)
How does fossil authenticate with a server, does it send the password
plaintext? HTTP Basic Auth does!
I'm not sure whether this
Thus said Tal Yardeni on Wed, 29 Jan 2014 08:31:09 -0700:
> I think fossil should automatically detect the 401 and respond
> accordingly.
This turned out to be much simpler than I initially thought... I have
just committed a change that makes Fossil automatically resend the
reque
Thus said Ron Wilson on Thu, 30 Jan 2014 16:57:58 -0500:
> What part seems to be the problems?
I'm not sure there is a problem, but there have been some
suggestions/questions about how Fossil could handle disparate usernames
(e.g. the HTTP Authenticated user is not the same
On Wed, Jan 29, 2014 at 10:44 AM, Andy Bradford wrote:
> Thus said Kevin Martin on Wed, 29 Jan 2014 09:50:05 +:
> ...
> > I'd like to use basic auth and fossil auth with different
> > users/passwords.
>
> This currently does not work. I've actually done some experimentation
> w
Thus said Kevin Martin on Wed, 29 Jan 2014 09:50:05 +:
> I don't quite understand this, does it use basic authentication
> instead of fossil authentication? How does the fossil server process
> know which user you are?
I realize that my last response to these questions was inco
Thus said Kevin Martin on Wed, 29 Jan 2014 09:50:05 +:
> I don't quite understand this, does it use basic authentication
> instead of fossil authentication? How does the fossil server process
> know which user you are?
Currently Fossil inspects the REMOTE_USER environment variable t
I think fossil should automatically detect the 401 and respond accordingly.
It is a reasonably standard status code from them web server.
I would also like to see fossil automatically picking up the username from
the shell, as long as we're dreaming :)
Thanks,
Tal
On Tue, Jan 28, 2014 at 11:59
On 29 Jan 2014, at 06:59, Andy Bradford wrote:
> I've just started a branch for exploring a different way to enable the
> use of HTTP Authorization headers in requests:
I don't quite understand this, does it use basic authentication instead of
fossil authentication? How does the fossil serve
Hello,
I've just started a branch for exploring a different way to enable the
use of HTTP Authorization headers in requests:
http://www.fossil-scm.org/index.html/info/e747041a72
Of course, removing the special character as a flag to enable HTTP Auth
could potentially break some users who r
17 matches
Mail list logo