h-source-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [H-source-users] Introduction

From: Denis 'GNUtoo' Carikli
Subject: Re: [H-source-users] Introduction
Date: Wed, 21 Jul 2021 22:22:39 +0200 
On Tue, 20 Jul 2021 12:34:19 -0400
bill-auger <bill-auger@peers.community> wrote:

> On Tue, 20 Jul 2021 06:14:43 +0200 Denis wrote:
> > without having the h-client
> > send the username / password in clear?  
> 
> h-client has SSL is enabled already
What I said was indeed misleading.

I had in mind protocols to not send the password in clear in the
encrypted TLS tunnel, where they'd either use a hash or some better
authentication method with some challenge and response mechanism, or
some ticket mechanism.

This way if you authenticate against a distribution single sign-on
identity provider, you don't need to send your Parabola password to
h-node.

> i dont know how deep the relation should go though, or if the
> FSF would want to manage it - the libreplanet and FSD wikis
> require separate crenentials now too
The FSF seem to have a "CAS" signle-signon authentication system that
works for both the FSF website and the Libreplanet wiki.

Denis.

Attachment: pgpQQHJ8PeNlJ.pgp
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]