RE: Authentication

From: Brian Behlendorf <brian_at_collab.net>
Date: 2001-09-04 18:57:14 CEST

On Tue, 4 Sep 2001, Sander Striker wrote, quoting Daniel Rall:
> > Sometimes multiple layers of authentication are desired (i.e. both
> > user/password and certs).
>
> AFAIK this is possible to do in apache (the example you provide).
>
> I don't see this as desired though. A cert should be enough,
> it identifies and authenticates the user. Can you give me an
> example of where it isn't (with subversion in mind)?

Two-factor auth: something you have (certs) and something you know
(password/phrase). It helps keep things secure in the face of lost
laptops, accidentally revealed passwords, and other edge cases.

Brian

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:39 2006

This message: [ Message body ]
Next message: Sander Striker: "RE: Authentication"
Previous message: Kevin Pilch-Bisson: "Re: [Issue 482] New - .svnignore processing needed"
In reply to: Sander Striker: "RE: Authentication"
Next in thread: Sander Striker: "RE: Authentication"
Reply: Sander Striker: "RE: Authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]