Hi,

On 17/05/2011 09:22, Daniel Lundin wrote:
> 2011-05-17 10:13, Alan R Williams wrote:
>> On 17/05/2011 08:43, Daniel Lundin wrote:
> [...]
>>> I wonder though, in the old tool there was space for public key
>>> authentication (using the standard ssh key pair), but I can't find that
>>> in 2.3. Are there any plans for that?
>> You should be able to do that via the credential manager (under
>> Advanced), but I'll check with Alex Nenadic, the security expert here.
>>
> Can't find that. I tried importing my private key under "Your
> certificates", but that was probably not meant for ssh key pairs. I'll
> wait to hear from Alex.

I do not think that the external tool supports client authentication with X.509 certificates - I believe it only uses username and password pairs. Alan can confirm (or deny) this. We can put that in our bug tracker system and have a look at adding that option.

> (BTW, I'm still horrified by seeing my password in clear text in the
> credentials manager. Don't think I'll ever get used to that, even if I
> understand it can be good for tracking down connection problems. Key
> authentication would be preferable also for this reason, given that the
> passphrase to the private key is not stored anywhere.)
>

Your password is not stored in cleartext - it is encrypted on your hard disk inside Credential Manager's keystore. You are allowed to see passwords in Credential Manager after unlocking it with your master password as they are, after all, your passwords. Users tend to forget them and want to be able to see them. We had a discussion about that (we used to have passwords shown masked and there was an option to see them, but we decided against this additional step of masking passwords). So - the protection is as strong as Bouncy Castle Uber Keystore's is. You do not have to store anything in Credential Manager if you do not want to - you will be asked for your credentials every time they are needed.

As far as key authentication goes - you would also have to import your private key inside Credential Manager and unlock it at the time of importing using your passphrase. After that, it would be locked with your Credential Manager's password (which is also not stored anywhere).

Regards,
Alex
