Not storing passwords in cleartext

Jan Hudec bulb at ucw.cz
Sun Nov 20 13:35:54 GMT 2005


On Sun, Nov 20, 2005 at 11:51:47 +0100, Matthieu Moy wrote:
> Robey Pointer <robey at lag.net> writes:
> 
> > I think it should track url type too.  
> 
> Then, ~/.authinfo is not the answer. The advantage of it is that it is
> used by other pieces of software (Gnus, mutt, slrn at least), so,
> reusing it means 1) less to type if you use the same
> machine/login/password and 2) only one chmod 600 not to forget.

Well. .authinfo should NOT be used for sftp -- sftp should use .ssh/config
and public key authentication instead. So what's left is http, ftp and
smart-server, whatever it runs over (except if it runs over ssh).

> > I'm likely to have a different password for my website and sftp,
> > even though they use the same machine name.
> 
> Out of curiosity, would it be for the same username?
> 
> What I've implemented in Bazaar is: if you don't provide the username,
> it is found from the machine name in ~/.authinfo. If there are several
> lines with the same machine in ~/.authinfo, then you have to provide
> the username in the URL, and it will fetch the corresponding password
> in the ~/.authinfo file.
> 
> If we decide not to use the .authinfo syntax, then we probably also
> want to keep the full URL, since you may have different WebDAV
> passwords and/or login in different directories for the same host.
> 
> How about a .ini file like
> 
> [http://host.com]
> login=<default login for host.com with http>
> password=<default pass for host.com with http>
> password=<password for user John> login=john
> login=<login for http://host.com/webdav/jane directory> path=webdav/jane
> password=<password for http://host.com/webdav/jane directory> path=webdav/jane

http/webdav have something called "authentication domain", which IMHO should
be used instead of URL.

I would vote for using an .ini file for all protocols, using domains for
http and webdav, and then using .authinfo for http/webdav and ftp and
.ssh/config and public keys for sftp/smart-server-over-ssh.

-- 
						 Jan 'Bulb' Hudec <bulb at ucw.cz>
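
Added example (not part of the original message, and not Bazaar's own code): the ~/.authinfo lookup rule described in the quoted text, together with the "chmod 600" check, written in Python. It assumes the usual "machine ... login ... password ..." line syntax; the function names, the exception class and the host names are hypothetical.

```python
import os
import shlex
import stat

# Constructed sample in the "machine/login/password" syntax; not real credentials.
SAMPLE = """\
machine host.example login alice password "s3cret pass"
machine dav.example login john password pw-john
machine dav.example login jane password pw-jane
"""

class AuthinfoError(Exception):
    pass

def parse_authinfo(text):
    """Parse authinfo lines into a list of {keyword: value} dicts."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # honours quoted values containing spaces
        if len(tokens) % 2 or tokens[0] != "machine":
            # Report the line number only, never the line: it holds a password.
            raise AuthinfoError(f"malformed entry on line {number}")
        entries.append(dict(zip(tokens[::2], tokens[1::2])))
    return entries

def load_authinfo(path):
    """Read the file only if group and others have no access to it (0600)."""
    with open(path, encoding="utf-8") as handle:
        # fstat on the open handle checks the file actually being read.
        mode = stat.S_IMODE(os.fstat(handle.fileno()).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise AuthinfoError(f"{path} has mode {mode:03o}; run chmod 600 on it")
        return parse_authinfo(handle.read())

def lookup(entries, machine, login=None):
    """Return (login, password) for machine, or None when nothing matches."""
    matches = [e for e in entries if e["machine"] == machine]
    if login is not None:
        matches = [e for e in matches if e.get("login") == login]
    if not matches:
        return None
    if len(matches) > 1:
        # Several lines for one machine: the username has to come from the URL.
        raise AuthinfoError(f"ambiguous entries for {machine}; specify the login")
    return matches[0].get("login"), matches[0].get("password")
```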