
Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

From: Thomas Åkesson <thomas_at_akesson.cc>
Date: Sun, 15 Apr 2012 21:45:13 +0200

On 6 apr 2012, at 16:05, "C. Michael Pilato" <cmpilato_at_collab.net> wrote:

> On 04/05/2012 10:33 PM, Greg Stein wrote:
>>> If not, any suggestions on where the master passphrase fetch/store
>>> bits might best fit in?
>>
>> A new callback. But you definitely need a DSO option so core svn does not
>> have GNOME/KDE dependencies. Instead, they load a small DSO that implements
>> the master get/set functionality. Maybe a tiny vtable.
>>
>> I think the OS-based ones are not DSO since there is no heavy dep chain to
>> be concerned about.
>>
>> Dunno where GPG comes in. Is there a library and heavy deps associated with
>> that?
>
> You are correct. Today we have DSO options for GNOME/KDE, and simple
> #if-wrapping for Win32 and MacOS. GPG Agent doesn't have the lib/heavy
> deps, as the code communicates with the agent not through a custom API, but
> directly via socket I/O.
>
> Not sure what you're envisioning when you say "a new callback".

Just want to make sure you are aware of the initiative "Secret Service API" unifying GNOME and KDE. The spec is still a draft but it seems that both implement it.

http://standards.freedesktop.org/secret-service/

How would the hypothetical existence of such a secret storage on Windows impact this Subversion initiative?

>
>>> I mean, do third-party clients really need to pick and choose which
>>> providers they want to use?
>>
>> Not the types of auth, but the client needs a way to prompt. The client_ctx
>> prompt callback may be enough, but I dunno (does that support two inputs?
>> such as username and password).
>
> We have several different kinds of prompting callbacks offered by the
> various providers at this point, and I believe those are required. But I
> wonder if they can't all be lumped into one giant authn prompt callback vtable.
>
> What about other benefits of the existing system?
>
> * third-party authn providers can be written and used
> * authn providers can be ordered according to a client's desires
>
> Are there any known clients taking advantage of these features?
>
> --
> C. Michael Pilato <cmpilato_at_collab.net>
> CollabNet <> www.collab.net <> Distributed Development On Demand
>
Received on 2012-04-15 21:45:47 CEST

This is an archived mail posted to the Subversion Dev mailing list.