Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

On 04/05/2012 10:33 PM, Greg Stein wrote:
>> If not, any suggestions on where the master passphrase fetch/store
>> bits might best fit in?
>
> A new callback. But you definitely need a DSO option so core svn does not
> have GNOME/KDE dependencies. Instead, they load a small DSO that implements
> the master get/set functionality. Maybe a tiny vtable.
>
> I think the OS-based ones are not DSO since there is no heavy dep chain to
> be concerned about.
>
> Dunno where GPG comes in. Is there a library and heavy deps associated with
> that?

You are correct. Today we have DSO options for GNOME/KDE, and simple
#if-wrapping for Win32 and MacOS. GPG Agent doesn't have the lib/heavy
deps, as the code communicates with the agent not through a custom API, but
directly via socket I/O.

Not sure what you're envisioning when you say "a new callback".

>> I mean, do third-party clients really need to pick and choose which
>> providers they want to use?
>
> Not the types of auth, but the client needs a way to prompt. The client_ctx
> prompt callback may be enough, but I dunno (does that support two inputs?
> such as username and password).

We have several different kinds of prompting callbacks offered by the
various providers at this point, and I believe those are required. But I
wonder if they can't all be lumped into one giant authn prompt callback vtable.

What about other benefits of the existing system?

* third-party authn providers can be written and used
* authn providers can be ordered according to a client's desires

Are there any known clients taking advantage of these features?

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand