Rev 3422: (vila) Fix #183705 by updating auth docs to discuss SSH agents in file:///home/pqm/archives/thelove/bzr/%2Btrunk/

Canonical.com Patch Queue Manager pqm at pqm.ubuntu.com
Fri May 9 22:05:15 BST 2008


At file:///home/pqm/archives/thelove/bzr/%2Btrunk/

------------------------------------------------------------
revno: 3422
revision-id:pqm at pqm.ubuntu.com-20080509210507-jcb0uvu1htlnnouy
parent: pqm at pqm.ubuntu.com-20080509190952-oqlrpkxzoruxymko
parent: john at arbash-meinel.com-20080509194115-n58rowtcvfylvek3
committer: Canonical.com Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: +trunk
timestamp: Fri 2008-05-09 22:05:07 +0100
message:
  (vila) Fix #183705 by updating auth docs to discuss SSH agents
modified:
  NEWS                           NEWS-20050323055033-4e00b5db738777ff
  bzrlib/help_topics/en/authentication.txt authentication_conf.-20071104135035-glfv0ri355tyg1nf-1
  doc/developers/authentication-ring.txt authring.txt-20070718200437-q5tdik0ne6lor86d-1
  doc/developers/index.txt       index.txt-20070508041241-qznziunkg0nffhiw-1
  doc/en/user-guide/configuring_bazaar.txt configuring_bazaar.t-20071128000722-ncxiua259xwbdbg7-1
    ------------------------------------------------------------
    revno: 3418.5.4
    revision-id:john at arbash-meinel.com-20080509194115-n58rowtcvfylvek3
    parent: v.ladeuil+lp at free.fr-20080509164021-kxtz21ozxnv16ivt
    committer: John Arbash Meinel <john at arbash-meinel.com>
    branch nick: 183705-auth-doc-unclear
    timestamp: Fri 2008-05-09 14:41:15 -0500
    message:
      Fix Vincent's NEWS so that 'make docs' succeeds
    modified:
      NEWS                           NEWS-20050323055033-4e00b5db738777ff
    ------------------------------------------------------------
    revno: 3418.5.3
    revision-id:v.ladeuil+lp at free.fr-20080509164021-kxtz21ozxnv16ivt
    parent: v.ladeuil+lp at free.fr-20080509143114-gyzbc8v2x4noq238
    committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
    branch nick: 183705-auth-doc-unclear
    timestamp: Fri 2008-05-09 18:40:21 +0200
    message:
      Fixed as per John's review.
    modified:
      bzrlib/help_topics/en/authentication.txt authentication_conf.-20071104135035-glfv0ri355tyg1nf-1
      doc/developers/authentication-ring.txt authring.txt-20070718200437-q5tdik0ne6lor86d-1
    ------------------------------------------------------------
    revno: 3418.5.2
    revision-id:v.ladeuil+lp at free.fr-20080509143114-gyzbc8v2x4noq238
    parent: v.ladeuil+lp at free.fr-20080509095259-ncvhu7wu0pcviat8
    committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
    branch nick: 183705-auth-doc-unclear
    timestamp: Fri 2008-05-09 16:31:14 +0200
    message:
      Update NEWS.
    modified:
      NEWS                           NEWS-20050323055033-4e00b5db738777ff
    ------------------------------------------------------------
    revno: 3418.5.1
    revision-id:v.ladeuil+lp at free.fr-20080509095259-ncvhu7wu0pcviat8
    parent: pqm at pqm.ubuntu.com-20080508230313-knn3ibom6wt27w5k
    committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
    branch nick: 183705-auth-doc-unclear
    timestamp: Fri 2008-05-09 11:52:59 +0200
    message:
      Fix #183705 by updating the authentication docs regarding ssh agents.
      
      * bzrlib/help_topics/en/authentication.txt: 
      Recommend ssh agents usage. Don't use the 'password' field in a
      'ssh' section in examples !
      
      * doc/developers/index.txt: 
      Add authentication-ring spec which was missing.
      
      * doc/developers/authentication-ring.txt: 
      Be more explicit about not trying to replace ssh agents.
    modified:
      bzrlib/help_topics/en/authentication.txt authentication_conf.-20071104135035-glfv0ri355tyg1nf-1
      doc/developers/authentication-ring.txt authring.txt-20070718200437-q5tdik0ne6lor86d-1
      doc/developers/index.txt       index.txt-20070508041241-qznziunkg0nffhiw-1
      doc/en/user-guide/configuring_bazaar.txt configuring_bazaar.t-20071128000722-ncxiua259xwbdbg7-1
=== modified file 'NEWS'
--- a/NEWS	2008-05-09 19:09:52 +0000
+++ b/NEWS	2008-05-09 21:05:07 +0000
@@ -101,6 +101,9 @@
 
     * Improved the documentation on hooks. (Ian Clatworthy)
 
+    * Update authentication docs regarding ssh agents.
+      (Vincent Ladeuil, #183705)
+
   TESTING:
 
     * Add ``thread_name_suffix`` parameter to SmartTCPServer_for_testing, to

=== modified file 'bzrlib/help_topics/en/authentication.txt'
--- a/bzrlib/help_topics/en/authentication.txt	2007-12-17 01:33:01 +0000
+++ b/bzrlib/help_topics/en/authentication.txt	2008-05-09 16:40:21 +0000
@@ -6,9 +6,9 @@
 ------
 
 Many different authentication policies can be described in the
-``authentication.conf`` file but a particular user should need
-only a few definitions to cover his needs without having to specify a user and
-a password for every branch he uses.
+``authentication.conf`` file but a particular user should need only a few
+definitions to cover his needs without having to specify a user and a password
+for every branch he uses.
 
 The definitions found in this file are used to find the credentials to use for
 a given url. The same credentials can generally be used for as many branches as
@@ -47,9 +47,10 @@
 
 1. user and password
 
-``FTP`` and ``SFTP`` needs a (``user``, ``password``) to authenticate against a
-``host`` (SFTP can use ssh keys too, but we don't talk about that here as ssh
-agents provide a better solution).
+``FTP`` needs a (``user``, ``password``) to authenticate against a ``host``
+``SFTP`` can use either a password or a host key to authenticate. However,
+ssh agents are a better, more secure solution. So we have chosen to not provide
+our own less secure method.
 
 2. user, realm and password
 
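Review bot: in the rewritten paragraph under "1. user and password", the first added sentence has no full stop after ``host``, so it runs straight into "``SFTP`` can use ...". The following sentence says SFTP can use "a host key to authenticate", but a host key identifies the server; the user authenticates with their own ssh key, which is what the removed text ("SFTP can use ssh keys too") said. I would write "``SFTP`` can use either a password or an ssh key", and make the closing sentence say explicitly what is not provided, rather than "our own less secure method".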
@@ -174,13 +175,15 @@
         # The leading '.' ensures that 'shp.net' alone doesn't match
         host=.shp.net
         user=joe
-        password=precious
+        # bzr don't support supplying a password for sftp,
+        # consider using an ssh agent if you don't want to supply
+        # a password interactively. (pageant, ssh-agent, etc)
 
 HTTPS, SFTP servers and their proxy
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-At company.com, the server hosting released and integration code is behind a
-proxy, the two servers use different authentication policies::
+At company.com, the server hosting release and integration branches is behind a
+proxy, and the two branches use different authentication policies::
 
         [reference code]
         scheme=https
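Review bot: the comment added under ``user=joe`` reads "bzr don't support"; it should be "bzr doesn't support". The same comment says a password cannot be supplied for sftp and then refers to supplying one interactively, which reads as a contradiction. Reword it so it is clear that only a password stored in this file is unsupported, for example "bzr doesn't read an sftp password from this file".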
@@ -195,7 +198,6 @@
         host=dev.company.com
         path=/dev/integration
         user=user2
-        password=pass2
         
         # proxy
         [proxy]
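Review bot: ``password=pass2`` is dropped from the ``/dev/integration`` section with nothing left in its place, whereas the ``shp.net`` example earlier in this file gets a comment explaining why no password is given. Add the same comment, or a short pointer to it, after ``user=user2`` so a reader comparing this section with the others does not take the missing password for an omission.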

=== modified file 'doc/developers/authentication-ring.txt'
--- a/doc/developers/authentication-ring.txt	2007-11-04 15:24:27 +0000
+++ b/doc/developers/authentication-ring.txt	2008-05-09 16:40:21 +0000
@@ -63,9 +63,9 @@
 
 Note that ssh servers can be configured to use keys instead of (``user``,
 ``password``) and, when used with appropriate agents, provide the same kind of
-comfort this specification aims to provide for all other schemes. These
-specification do not try to cover these configurations by providing
-pass-phrases, but the mechanisms presented *can* be used to provide users.
+comfort this specification aims to provide for all other schemes. Since ssh
+agents provide a safer way to secure the passwords, this specification is
+restricted to providing ``user`` but does not provide ``password``.
 
 Authentication definitions
 --------------------------
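Review bot: "ssh agents provide a safer way to secure the passwords" in the added text is imprecise. The sentence before it is about servers configured to use keys instead of (``user``, ``password``), and the removed wording spoke of pass-phrases. Suggest "Since ssh agents provide a safer way to handle keys and their pass-phrases, ..." so the spec does not imply that an agent stores account passwords.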
@@ -120,7 +120,8 @@
   * ``password``: can be empty (for security reasons, a user may use the
     definitions without storing the passwords but want to be prompted ; or the
     password will be provided by an external plugin via the
-    ``password_encoding`` mechanism decribed below).
+    ``password_encoding`` mechanism decribed below). Must be left empty for
+    ``ssh``.
 
   * ``password_encoding``: can be empty (default is ``plaintext``).
 
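Review bot: the added "Must be left empty for ``ssh``" does not say what happens when a ``password`` is present in an ``ssh`` definition (ignored, warned about, or rejected); state the behaviour here. Since this line is being rewritten anyway, "decribed" on it can be corrected to "described".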

=== modified file 'doc/developers/index.txt'
--- a/doc/developers/index.txt	2008-05-02 02:05:46 +0000
+++ b/doc/developers/index.txt	2008-05-09 09:52:59 +0000
@@ -31,6 +31,9 @@
 
 * `API versioning <api-versioning.html>`_ |--| bzrlib API versioning.
 
+* `Authentication ring <authentication-ring.html>`_ |--| Configuring
+  authentication.
+
 * `Bundles <bundles.html>`_ |--| All about bzr bundles.
 
 * `Container format <container-format.html>`_ |--| Notes on a container format

=== modified file 'doc/en/user-guide/configuring_bazaar.txt'
--- a/doc/en/user-guide/configuring_bazaar.txt	2007-12-07 03:37:32 +0000
+++ b/doc/en/user-guide/configuring_bazaar.txt	2008-05-09 09:52:59 +0000
@@ -33,9 +33,9 @@
 
 Each branch can also contain a configuration file that sets values specific
 to that branch. This file is found at ``.bzr/branch/branch.conf`` within the
-branch. This file is visible to **all users of a branch**. If you wish to override
-one of the values for a branch with a setting that is specific to you, then you
-can do so in ``locations.conf``.
+branch. This file is visible to **all users of a branch**. If you wish to
+override one of the values for a branch with a setting that is specific to you,
+then you can do so in ``locations.conf``.
 
 Here is sample content of ``bazaar.conf`` after setting an email address using
 the ``whoami`` command::



