Mailinglist Archive: zypp-devel (149 mails)

Re: [zypp-devel] CredentialManager to get data for authentication
  • From: Jan Kupec <jkupec@xxxxxxx>
  • Date: Tue, 16 Sep 2008 11:51:26 +0200
  • Message-id: <48CF819E.8020309@xxxxxxx>
Michael Calmer wrote:
Hi,

On Monday, 8 September 2008, Jan Kupec wrote:
Hi,

Current solution uses simple text files containing one URL per line,
_containing_ also 'username:password@'. These URLs are then fed to the
zypp::Url constructor which parses them into an object from which you
can get the username and password, as well as compare with other URLs
using different zypp::url::ViewOption, etc...

I would like to see an enhancement to this. It should be possible to write a pointer to a file into the url. With this we have the possibility to use the same credentials for more than one repo/service.

Proposal:

https://hostname.domain.top/path/?credentials=/etc/credentials.d/mycredential

OK, I like this as a third way to store/get credentials. So to sum it up, the media backend would look at:

1) global, world readable:

/etc/zypp/credentials.d/* files (in case of INI format)
OR
/etc/zypp/credentials file (in case of one URL/line format)

(which one do you like more? Note that the files in the
credentials.d dir would have to have random names in case the name
is not supplied in ?credentials=filename (without path))

2) user readable

~/.zypp/credentials.d/* or ~/.zypp/credentials

3) user specified file (world/user readable?)

look at the file provided as ?credentials=/absolute/path/credfile

- the URL has to be saved with this parameter
- Q: isn't revealing the location of the credentials file
a security issue?

The credential file has the format:

username=...
password=...

(or something similar if curl supports credentials from file)

plus a URL, in case the location is not part of the URL as the 'credentials' parameter. The URL could be the INI section name: [URL].

As suggested above, this would require to save each credentials in a separate file. Or we still could put all the credentials in one file (except for those user-specified) and separate them by the [URL] sections.

The current implementation can stay. So http://username:password@xxxxxxxxxxxxxxxxxx/path is an alternative.

I guess one format should be enough :O) So I'll wait a bit for some votes choosing one of them.

--
cheers,
jano
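
A loader for the single-file variant discussed in the message above, with credentials separated by [URL] sections (an added example, not libzypp code and not part of the original mail). The owner-only permission check, the most-specific-path matching rule, and every name, URL and value in it are assumptions of this example.

```python
import configparser, os, stat, tempfile
from urllib.parse import urlsplit
# Constructed sample in the proposed format: one [URL] section per credential.
SAMPLE = """\
[https://updates.example.com/repo]
username=alice
password=s3cr3t%=x
[https://updates.example.com/repo/private]
username=bob
password=hunter2
"""

def load_credentials(path):
    """Parse the file; refuse it if group/other have any access (assumed policy)."""
    with open(path, encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())  # check the opened file, not the path name
        if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o077:
            raise PermissionError(f"{path}: must be a regular file, owner-only")
        ini = configparser.ConfigParser(interpolation=None, delimiters=("=",))
        ini.read_file(fh)
    return {s: (ini[s]["username"], ini[s]["password"]) for s in ini.sections()}

def find_credentials(creds, url):
    """Return (username, password) from the most specific matching section."""
    want, best = urlsplit(url), None
    for section, pair in creds.items():
        have = urlsplit(section)
        prefix = have.path.rstrip("/") + "/"  # match on whole path segments
        # Exact scheme and host: never offer https credentials to an http URL.
        same_origin = (have.scheme, have.netloc.lower()) == (want.scheme, want.netloc.lower())
        if same_origin and (want.path.rstrip("/") + "/").startswith(prefix):
            if best is None or len(prefix) > best[0]:
                best = (len(prefix), pair)
    return best[1] if best else None

def demo():
    fd, path = tempfile.mkstemp()  # created with mode 0600
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    creds, rejected = None, False
    try:
        creds = load_credentials(path)
        os.chmod(path, 0o644)  # now world-readable: the loader must refuse it
        load_credentials(path)
    except PermissionError:
        rejected = True
    finally:
        os.unlink(path)
    return creds, rejected
```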