Re: [stellation-res] why doesn't stellationd require a "password" argume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [stellation-res] why doesn't stellationd require a "password" argument?

From: "Mark C. Chu-Carroll" <mcc@xxxxxxxxxxxxxx>
Date: Sat, 20 Jul 2002 19:43:39 -0400
Delivered-to: stellation-res@xxxxxxxxxxxxxxx
List-archive: <http://dev.eclipse.org/pipermail/stellation-res/>
List-help: <mailto:stellation-res-request@dev.eclipse.org?subject=help>
List-subscribe: <http://dev.eclipse.org/mailman/listinfo/stellation-res>, <mailto:stellation-res-request@dev.eclipse.org?subject=subscribe>
List-unsubscribe: <http://dev.eclipse.org/mailman/listinfo/stellation-res>, <mailto:stellation-res-request@dev.eclipse.org?subject=unsubscribe>
Organization: IBM T. J. Watson Research Center
User-agent: KMail/1.4.1

On Saturday 20 July 2002 07:20 pm, Florin Iucha wrote:
> On Sat, Jul 20, 2002 at 07:04:31PM -0400, Mark C. Chu-Carroll wrote:
> > Other people suggested that early on. Our authenticator mechanism
> > is a plugin based approach, similar to PAM. But to be cross-platform
> > in Java, it's tough to use a system like PAM.
> >
> > We also wanted Stellation authentication to be integrated with
> > the Stellation ACL system that I'm working on.
>
> ACL is related to authorization, not authentication.
>
> Authentication: who you are - username/password, retina scan...
>
> Authorization: what can you do - ACL, roles, etc.

I know. But the two are connected: when you're done authenticating,
you hold a token granting access to the repository with a particular
authorization. The two can be separated to a good degree, by 
changing the way that the token is generated. But there's always
a bit of connection there. For now it's a lot easier to keep them
more tightly connected. (And our authentication system is really 
pretty nice.)

> > If there's a good way to use something PAM like without losing
> > the cross-platform property, and maintaining the connection between
> > the authenticator and the repository, I'd be glad to add it in. I haven't
> > had time to explore doing something like that.
>
> PAM is cross-platform: Linux, SUN, IRIX...
> Oh, you mean that "other" OS... 8^)

Yes. Unfortunately, I do. We don't do a good job of supporting
windows. But at the moment, the things preventing windows support
from working are relatively minor (postgres problems). If we switch
to a Unix-based authentication system, we're really putting a big
barrier up against windows - even if that auth system can be made to work
under cygwin. (And I don't think I've seen a PAM implementation for
cygwin.)

Once the system gets more functional and more stable, we'd really like
to try to convince the Eclipse guys to look at supporting Stellation inside
of Eclipse. There's zero chance of that if it doesn't work 100% on
windows.

	-Mark

-- 
Mark Craig Chu-Carroll,  IBM T.J. Watson Research Center  
*** The Stellation project: Advanced SCM for Collaboration
***		http://www.eclipse.org/stellation
*** Work Email: mcc@xxxxxxxxxxxxxx  ------- Personal Email: markcc@xxxxxxxxxxx

Follow-Ups:
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha

References:
- [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Mark C. Chu-Carroll
- Re: [stellation-res] why doesn't stellationd require a "password" argument?
  - From: Florin Iucha

Prev by Date: Re: [stellation-res] Repository shadowing and problem resolutions
Next by Date: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Previous by thread: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Next by thread: Re: [stellation-res] why doesn't stellationd require a "password" argument?
Index(es):
- Date
- Thread

Breadcrumbs