Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jgit-dev] The password handling of the Clone dialog

Only posted to the EGit mailing list, but obviously concerns JGit too.

-- robin

Robin Rosenberg skrev 2012-04-09 16.19:
I've been looking at the Clone wizard.

There are a number of bugs open on clone and push and apparently password authentication is
severely broken.

The current build doesn't work with passwords at all (Bug 360862). I made a patch for that at and submitted it. We're not done with that, simply because
it is not clean. Authentication is done with one of the methods in the PreferredAuthentications
setting, whose value is "gssapi-with-mic,publickey,keyboard-interactive,password". We don't
have kerberos and if you don't have a suitable public key then keyboard-interactive is used. The
server says it wants a password which is handled via a StringType credential item, not the
Password type. The patch handles that.

A strange thing is that, shouldn't we go straight to password authentication when a password
is supplied?

How is the secure storage ment to be used. AFAIK it doesn't work at all right now. Ok, it seems
to store a password. but it cannot retrieve it.

It seems to me that there is a lot of complex class hierarchies, much of which isn't used
at all. How is this really meant to work?

Some of the bugs reports talk about passphrase, but is that the private key passphrase or
just the password.

Here is a quick list of related issues, some are old:

373947 JGit/JSch never resets the credentials provider if an invalid passphrase is returned
352385 Unable to clone repository via ssh - egit won't give a chance to enter passphrase
339220 Login and password don't get used or stored.
349348 Using Push... to server prompts for password 3 times
349417 Can't finish the Clone Git Repository Dialog if you don't know your secure storage password
352752 Prompted for password more than expected
355442 Egit is prompting for password for secure store even no secure store is set

333127 Can't edit password dialog user name
344987 'Auth cancel' error dialog when password prompt for Fetch is cancelled

351106 CVS actions trigger EGIT Pass Phrase pop-up

-- robin
egit-dev mailing list

Back to the top