From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Ralph Ewig <ralph.phd@protonmail.com>
Cc: Jeff King <peff@peff.net>, git@vger.kernel.org
Subject: Re: git smart http + apache mod_auth_openidc
Date: Thu, 17 Oct 2019 22:55:29 +0000 [thread overview]
Message-ID: <20191017225529.sg37cxvyssbaitfw@camp.crustytoothpaste.net> (raw)
In-Reply-To: <5a2cc6f5-a8d0-356b-ff4e-a716aa5675b1@protonmail.com>
[-- Attachment #1: Type: text/plain, Size: 1167 bytes --]
On 2019-10-17 at 14:33:38, Ralph Ewig wrote:
> Quick follow up question: can the git client pass
> a token read from a cookie with a request? That
> would enable users to sign-in via a browser, store
> the cookie, and then use that as the access token
> to authenticate a git request.
Git has an option, http.cookieFile, that can read a cookie from a file,
yes. That does, of course, require that you're able to put the cookie
in a file from a web browser. I'm not aware of any web browsers that
easily provide an option to dump cookies into a file.
Also, just as a note, this approach definitely won't work for automated
systems you have, such as CI systems. That's why I suggested Kerberos:
because you can have services that have principals and you can use those
credentials in your CI systems to access code and run jobs.
Clearly you know your infrastructure and users better than I do, but I
don't recommend having a web-based sign-on as your only form of
authentication for a Git server. It's going to cause a lot of pain and
inconvenience on all sides.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 868 bytes --]
next prev parent reply other threads:[~2019-10-17 22:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-15 15:59 git smart http + apache mod_auth_openidc Ralph Ewig
2019-10-16 23:33 ` brian m. carlson
2019-10-17 3:00 ` Ralph Ewig
2019-10-17 6:03 ` Jeff King
2019-10-17 14:21 ` Ralph Ewig
2019-10-17 14:33 ` Ralph Ewig
2019-10-17 22:55 ` brian m. carlson [this message]
2019-10-18 1:18 ` Ralph Ewig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191017225529.sg37cxvyssbaitfw@camp.crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=ralph.phd@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).