[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Authentication

From: Sander Striker <striker_at_apache.org>
Date: 2001-09-04 19:21:52 CEST

> On Tue, 4 Sep 2001, Sander Striker wrote, quoting Daniel Rall:
> > > Sometimes multiple layers of authentication are desired (i.e. both
> > > user/password and certs).
> >
> > AFAIK this is possible to do in apache (the example you provide).
> >
> > I don't see this as desired though. A cert should be enough,
> > it identifies and authenticates the user. Can you give me an
> > example of where it isn't (with subversion in mind)?
>
> Two-factor auth: something you have (certs) and something you know
> (password/phrase). It helps keep things secure in the face of lost
> laptops, accidentally revealed passwords, and other edge cases.
>
> Brian

Yes, ofcourse. Doh! :)
But, isn't this already possible with apache?

<Location /some/where>
   # something you have
   SSLRequireSSL
   SSLVerifyClient require
   SSLVerifyDepth 10

   # something you know
   AuthType Digest
   AuthName "Restricted Directory"
   AuthUserFile /svn/users
   AuthGroupFile /svn/groups
   Require group svn
</Location>

Ofcourse, this doesn't take into account that the username
in the cert is equal to the username supplied. So, maybe an
extra mod_auth_xxx is in order (or I am missing something).

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:39 2006

This is an archived mail posted to the Subversion Dev mailing list.