> On Tue, 4 Sep 2001, Sander Striker wrote, quoting Daniel Rall:
> > > Sometimes multiple layers of authentication are desired (i.e. both
> > > user/password and certs).
> >
> > AFAIK this is possible to do in Apache (the example you provide).
> >
> > I don't see this as desired though. A cert should be enough,
> > it identifies and authenticates the user. Can you give me an
> > example of where it isn't (with subversion in mind)?
>
> Two-factor auth: something you have (certs) and something you know
> (password/phrase). It helps keep things secure in the face of lost
> laptops, accidentally revealed passwords, and other edge cases.
>
> Brian

Yes, of course. Doh! :)
But, isn't this already possible with Apache?

    <Location /some/where>
        # something you have
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 10

        # something you know
        AuthType Digest
        AuthName "Restricted Directory"
        AuthUserFile /svn/users
        AuthGroupFile /svn/groups
        Require group svn
    </Location>

Of course, this doesn't take into account that the username
in the cert is equal to the username supplied. So, maybe an
extra mod_auth_xxx is in order (or I am missing something).

Sander
Received on Sat Oct 21 14:36:39 2006
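
The gap noted at the end of the message (nothing ties the username in the cert to the username supplied with the password), shown as an added example that is not part of the original thread or of Subversion or Apache. It assumes mod_ssl exports its standard variables to the request environment (SSLOptions +StdEnvVars); the function name, the cn_to_user mapping and the sample environments are hypothetical and constructed for illustration.

```python
# Added example: bind the certificate identity to the password identity.
# Assumption: Apache hands the application CGI-style variables, including
# mod_ssl's SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN_CN (SSLOptions +StdEnvVars).

def check_two_factor_binding(environ, cn_to_user=None):
    """Return (allowed, reason) for one request environment.

    cn_to_user is an optional explicit map from certificate CN to account
    name (hypothetical policy knob); the default is exact CN == username.
    """
    # Factor 1: the client certificate must have verified against the CA.
    verify = environ.get("SSL_CLIENT_VERIFY", "NONE")
    if verify != "SUCCESS":
        return False, "client certificate not verified (%s)" % verify

    # Factor 2: digest authentication must have established a user.
    user = environ.get("REMOTE_USER", "")
    if not user or environ.get("AUTH_TYPE", "").lower() != "digest":
        return False, "no digest-authenticated user"

    cn = environ.get("SSL_CLIENT_S_DN_CN", "")
    if not cn:
        return False, "certificate subject has no CN"

    # Binding: both factors must name the same account.
    expected = cn if cn_to_user is None else cn_to_user.get(cn)
    if expected is None:
        return False, "certificate CN %r is not mapped to an account" % cn
    if expected != user:
        return False, "cert is for %r, password login is %r" % (expected, user)
    return True, "certificate and password both identify %r" % user

# Constructed sample environments (not real request data).
SAMPLES = {
    "match": {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_S_DN_CN": "alice",
              "AUTH_TYPE": "Digest", "REMOTE_USER": "alice"},
    # Both factors are valid on their own, so the <Location> block admits it.
    "mismatch": {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_S_DN_CN": "alice",
                 "AUTH_TYPE": "Digest", "REMOTE_USER": "bob"},
    "no_cert": {"SSL_CLIENT_VERIFY": "NONE",
                "AUTH_TYPE": "Digest", "REMOTE_USER": "alice"},
    "full_name_cn": {"SSL_CLIENT_VERIFY": "SUCCESS",
                     "SSL_CLIENT_S_DN_CN": "Alice Example",
                     "AUTH_TYPE": "Digest", "REMOTE_USER": "alice"},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(name, check_two_factor_binding(env))
```

The "mismatch" case is the one the configuration in the message lets through: a valid certificate for one account combined with a valid password for another.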