From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: "lilinchao@oschina.cn" <lilinchao@oschina.cn>
Cc: Derrick Stolee <stolee@gmail.com>, git <git@vger.kernel.org>,
Jeff King <peff@peff.net>, mjcheetham <mjcheetham@github.com>
Subject: Re: Re: [QUESTION]Is it possible that git would support two-factor authentication?
Date: Sun, 15 Aug 2021 00:02:48 +0200 (CEST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2108150001480.59@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <0d301aeafc0b11ebb27d0024e87935e7@oschina.cn>
[-- Attachment #1: Type: text/plain, Size: 1463 bytes --]
Hi,
On Fri, 13 Aug 2021, lilinchao@oschina.cn wrote:
> >On 8/11/2021 7:00 AM, lilinchao@oschina.cn wrote:
> >> Many websites support two-factor authentication(2FA) to log in, like Github, I wander if we can support it in application layer.
> >> When client clone something, they need input username and password, it is like a website login process. For security, we can
> >> enable 2FA during this process.
> >
> >Typically, this is handled at the credential helper layer, which
> >is a tool outside of the Git codebase that can more closely work
> >with such 2FA/MFA requirements. For example, GCM Core [1] supports
> >2FA with GitHub, Azure DevOps, and BitBucket.
> >
> >[1] https://github.com/microsoft/Git-Credential-Manager-Core
> >
> >The mechanism is that Git attempts an operation and gets an error
> >code, so it asks for a credential from the helper. The helper
> >then communicates with the server to do whatever authentication
> >is required, including possibly performing multi-factor auth.
> >All of these details are hidden from Git, which is good.
> >
> Indeed, this is good, I've experienced this tool these days at WSL and Windows,
> but finally I hope these features can be supported by Git itself, and then the user end can easily configure it.
The problem here is that 2FA is highly provider-specific. And that's why
Git itself refuses to implement it. Hence the credential helper layer.
Ciao,
Johannes
next prev parent reply other threads:[~2021-08-14 22:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-11 11:00 [QUESTION]Is it possible that git would support two-factor authentication? lilinchao
2021-08-11 13:50 ` Konstantin Ryabitsev
2021-08-11 15:23 ` Theodore Ts'o
2021-08-13 22:56 ` brian m. carlson
2021-08-11 13:54 ` Derrick Stolee
[not found] ` <9b199de2faab11eba548a4badb2c2b1195555@gmail.com>
2021-08-13 7:49 ` lilinchao
2021-08-14 22:02 ` Johannes Schindelin [this message]
[not found] ` <BEBB4A79-9773-4701-A8C5-06C20AB42686@github.com>
[not found] ` <1F2C610F-8800-466A-A0CA-7A6068A14805@github.com>
[not found] ` <D8CFA50F-266A-4995-8058-D29A2D490D5F@github.com>
2021-08-17 10:19 ` Matthew Cheetham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2108150001480.59@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=lilinchao@oschina.cn \
--cc=mjcheetham@github.com \
--cc=peff@peff.net \
--cc=stolee@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).