Re: Authentication with RSA SecurID token?

From: Mark Phippard <markphip_at_gmail.com>
Date: Thu, 12 Jun 2008 14:50:44 -0400

On Thu, Jun 12, 2008 at 11:36 AM, Greg Thomas <thomasgd_at_omc.bt.co.uk> wrote:
> On Thu, 12 Jun 2008 11:31:16 -0400, Chris Shenton
> <chris.shenton_at_nasa.gov> wrote:
>
>>We've got (ahem) a customer requirement to use SecurID tokens for auth
>>to a Subversion repo we're building.
>
> I'm aware of, but have never used,
> http://www.deny-all.com/mod_securid/ ("This module enables RSA SecurID
> authentication for Apache.")
>
> Could you use that?

I do not know any details, including whether anyone ever actually got
it working. But I was told that a SecurID solution was unworkable
because Subversion via HTTP is not session-based at all. You wind up
having to respond to a SecurID challenge for every single request.
Using something like the TortoiseSVN repository browser would mean
having to enter this everytime you expanded the repository tree one
level. As one example.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org

Received on 2008-06-12 20:51:08 CEST

This message: [ Message body ]
Next message: Greg Thomas: "Re: Authentication with RSA SecurID token?"
Previous message: Rémi Després-Smyth: "RE: URL doesn't exist, but only sometimes"
In reply to: Greg Thomas: "Re: Authentication with RSA SecurID token?"
Next in thread: Greg Thomas: "Re: Authentication with RSA SecurID token?"
Reply: Greg Thomas: "Re: Authentication with RSA SecurID token?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]