[Bulk] Re: [ANN] Encrypted Credential Store for Windows
Gordon Tyler
gordon at doxxx.net
Mon Jan 31 16:26:35 UTC 2011
On Mon, January 31, 2011 10:50 am, John Arbash Meinel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 1/31/2011 1:41 AM, Martin Pool wrote:
>> On 30 January 2011 01:00, vila <v.ladeuil+lp at free.fr> wrote:
>>> > <scheme> should be something like 'http' or 'ftp'. It won't work
>>> for ssh
>>> > or sftp since Bazaar requires the use of an ssh-agent for those
>>> schemes.
>>>
>>> We recommend using ssh agents because they are more suited for ssh
>>> connections because they are audited for security whereas
>>> authentication.conf and bzr hasn't been yet (and keeping small code
>>> bases for audit purposes is the Right Thing to do). Your plugin does
>>> exactly that.
>>
>> If bzr can't get paramiko ssh passwords from a plugable credential
>> store, that's a bug. Assuming you are using passwords and using
>> paramiko inprocess in bzr, nothing is gained by not having the
>> password stored in cryptoapi.
>>
>> Martin
>>
>>
>
> Right. Though I don't think this supports things like ssh keys, which is
> usually the recommended way to handle auth with ssh.
It would only support keyboard interactive login for ssh since that just
requires a password.
Ciao,
Gordon
More information about the bazaar
mailing list