[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authentication

From: Daniel Rall <dlr_at_finemaltcoding.com>
Date: 2001-09-04 18:23:54 CEST

"Sander Striker" <striker@apache.org> writes:

> > "Sander Striker" <striker@apache.org> writes:
> >
> >> [auth methods]
> >> - anonymous (http and https)
> >> - user/passwd (http and https)
> >> - client cert (https)
> >
> > Sometimes multiple layers of authentication are desired (i.e. both
> > user/password and certs).
>
> AFAIK this is possible to do in apache (the example you provide).
>
> I don't see this as desired though. A cert should be enough,
> it identifies and authenticates the user. Can you give me an
> example of where it isn't (with subversion in mind)?

When customer requirements dictate otherwise (one could argue that
multilayer authentication is theoretically more secure).

Personally, certs would be secure enough for me. However, IMHO the
ability to implement multi-layer authentication should be supported
for situations where layering is desired.

                                Daniel

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:39 2006

This is an archived mail posted to the Subversion Dev mailing list.