Re: Authentication

From: Daniel Rall <dlr_at_finemaltcoding.com>
Date: 2001-09-04 18:23:54 CEST

"Sander Striker" <striker@apache.org> writes:

> > "Sander Striker" <striker@apache.org> writes:
> >
> >> [auth methods]
> >> - anonymous (http and https)
> >> - user/passwd (http and https)
> >> - client cert (https)
> >
> > Sometimes multiple layers of authentication are desired (i.e. both
> > user/password and certs).
>
> AFAIK this is possible to do in apache (the example you provide).
>
> I don't see this as desired though. A cert should be enough,
> it identifies and authenticates the user. Can you give me an
> example of where it isn't (with subversion in mind)?

When customer requirements dictate otherwise (one could argue that
multilayer authentication is theoretically more secure).

Personally, certs would be secure enough for me. However, IMHO the
ability to implement multi-layer authentication should be supported
for situations where layering is desired.

Daniel

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:39 2006

This message: [ Message body ]
Next message: C. Scott Ananian: "Re: [SVN-DEV] Re: Diff options"
Previous message: Ben Collins-Sussman: "Re: Diff options"
In reply to: Sander Striker: "RE: Authentication"
Next in thread: Mark Welch: "Re: Authentication"
Reply: Mark Welch: "Re: Authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]