Re: Auth in ra_dav

On Fri, Aug 24, 2001 at 01:40:25PM +0200, Sander Striker wrote:
>...
> >> In the mean time, I'll see what I can find out about possibly writing
> >> a mod_auth_ssh / lib_ssh for per user 'tunnels'. This might have
> >> a wider application than subversion, come to think of it.
> >
> > Eh? Apache 2.0's mod_ssl already handles client certs, if I understand
> > things correctly.

Erp. Excuse me... I just realized you typed "ssh" rather than "ssl".

But ssh isn't what we want at all...

>...
> Imagine a community site moving over from ssh/cvs to subversion. It would
> be very nice if we could 'recycle' the users public keys (which were already
> present on the cvs machine) in subversion.

Agreed.

> What would be needed for that is
> probably a mod_ssh in apache and a ssh client lib to make life easier.
> Right now with ssh there are two ways to do tunneling:

Nobody said anything about tunneling. We will definitely not do that. We
*have* a network protocol -- it is called HTTP. And that protocol can do
serious security (SSL/TLS, client certs, encryption, etc), commonly known as
"https".

We'll use SSL and client certs. SSH tunneling is rather bogus when you
realize that HTTP over SSL and SSH are generally using the same technique --
why tunnel when our basic network can be secure?

>...
> But... I'll go bother some people first about ssl and ssh to get a bit
> better informed.

Good thinking :-)

Truly, the issue that we'd want to think about is how people can use their
ssh identities for SVN, and whether that is a good idea. (IMO, using a
different key pair for SVN is not a big deal, and could even be a Good Thing)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org