On Fri, 2007-05-04 at 03:01 +0200, Dr. Peter Poeml wrote:
> Hi,
>
> On Thu, May 03, 2007 at 05:11:46PM -0400, seth vidal wrote:
> > On Thu, 2007-05-03 at 09:18 +0200, Tim Lauridsen wrote:
> > > > 5. yum-gate - take the code that rnorwood posted and maybe work on
> > > > making it more releasable for folks to use as an authenticated yum repo.
> > > > Alternatively, look at one of the other system-config-mgmt tools to work
> > > > for that.
> > > >
> > > I have just got some patches from another IBM'er, that make changes to
> > > UG and yum to support a client side SSL cert. I will post it on the list.
> >
> > I liked those patches. If we could document how to use that feature +
> > apache cleanly it might work out well. Curiously, is it possible to auth
> > via ssl client cert without connecting to an ssl site? That would make
> > the payloads lighter but strongly authenticated.
>
> No, that is not possible.
>
> But in cases where authentication must be strong, whereas the
> transferred data (packages & metadata) is not sensitive wrt
> eavesdropping, digest authentication makes most sense.
> http://en.wikipedia.org/wiki/Digest_authentication
> urllib2 should support that.
I believe some form of digest authentication was used by Red Carpet when
I used it a few years ago. Everything was standard HTTP requests back
to the server (not SSL), but each client had a unique identifier in the
HTTP requests and the server would "authenticate" each client using that
unique id.
I don't know if rcd (Red Carpet daemon) is now open-sourced, but it
would be interesting to see if their technology would be applicable in
the case of authenticated yum repos without the overhead of SSL for
everything.
/Brian/
--
Brian Long
C I S C O
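An added example, not part of the original thread or of yum's code: the HTTP Digest exchange suggested above for authenticating repo clients over plain HTTP, computed by hand for RFC 2617 `qop=auth` with MD5, together with the check a server would run. The credentials and nonce are the sample values from RFC 2617; `server_verify` and its nonce/counter bookkeeping are hypothetical names for this sketch.

```python
import hashlib
import hmac


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 'response' value for qop=auth with the MD5 algorithm."""
    ha1 = _md5(f"{username}:{realm}:{password}")  # derived from the secret, never sent
    ha2 = _md5(f"{method}:{uri}")                 # binds the response to this request line
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(fields, method, stored_ha1, issued_nonces, seen_nc):
    """Hypothetical server check: the server stores HA1 only, rejects nonces it
    did not issue, and rejects a nonce count it has already seen (replay)."""
    nonce = fields["nonce"]
    if nonce not in issued_nonces:
        return False
    nc = int(fields["nc"], 16)
    if nc <= seen_nc.get(nonce, 0):
        return False
    ha2 = _md5(f"{method}:{fields['uri']}")
    expected = _md5(
        f"{stored_ha1}:{nonce}:{fields['nc']}:{fields['cnonce']}:{fields['qop']}:{ha2}"
    )
    if not hmac.compare_digest(expected, fields["response"]):
        return False
    seen_nc[nonce] = nc
    return True


def demo():
    # Constructed request using the RFC 2617 sample credentials and nonce.
    user, realm, password = "Mufasa", "testrealm@host.com", "Circle Of Life"
    fields = {"uri": "/dir/index.html", "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
              "nc": "00000001", "cnonce": "0a4f113b", "qop": "auth"}
    fields["response"] = digest_response(user, realm, password, "GET", fields["uri"],
                                         fields["nonce"], fields["nc"], fields["cnonce"])
    stored_ha1 = _md5(f"{user}:{realm}:{password}")
    issued, seen = {fields["nonce"]}, {}
    first = server_verify(fields, "GET", stored_ha1, issued, seen)
    replay = server_verify(fields, "GET", stored_ha1, issued, seen)  # same nc again
    moved = server_verify(dict(fields, uri="/other.rpm", nc="00000002"),
                          "GET", stored_ha1, issued, seen)          # response reused on another URI
    return fields["response"], first, replay, moved
```

With `qop=auth` the digest covers only the method and URI, so the package and metadata bytes in the reply are neither encrypted nor integrity-protected by this exchange.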