[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials Caching - Security Guy Not Happy

From: Peter Valdemar Mørch <swp5jhu02_at_sneakemail.com>
Date: 2004-08-26 12:30:48 CEST

Max Bowsher maxb-at-ukf.net |Lists| wrote:
> I haven't done it myself, but I'd be surprised if there wasn't a way
> to gat PAM (and therefore ssh, and therefore svn+ssh) authenticating
> against the AD.

Patrick Smears patrick.smears-at-ensoft.co.uk |Lists| wrote:
> I was just about to suggest this... I don't have much experience with
> AD, but it's certainly fairly easy to have SSH authenticate against
> an NT domain... look up the "pam_smb.auth.so" PAM module.

ssh without ssh-add, yes. But that would require password prompting on
every operation just like for http://

But not ssh-agent. ssh-agent asks for the password embedded in
the (local) private key file, not the one stored in /etc/password or in
PAM or whereever on the remote machine. If the key file has a password,
no amount of Active Directory will open it without the password, and if
the key file doesn't have a password, it would be possible to use it
without any Active Directory checking.

Or so I think, anyway! :-D

Peter

-- 
Peter Valdemar Mørch
http://www.morch.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 26 12:31:25 2004

This is an archived mail posted to the Subversion Users mailing list.