[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[egit-dev] The password handling of the Clone dialog

I've been looking at the Clone wizard.

There are a number of bugs open on clone and push and apparently password authentication is
severely broken.

The current build doesn't work with passwords at all (Bug 360862). I made a patch for that at
https://git.eclipse.org/r/#/c/5529/ and submitted it. We're not done with that, simply because
it is not clean. Authentication is done with one of the methods in the PreferredAuthentications
setting, whose value is "gssapi-with-mic,publickey,keyboard-interactive,password". We don't
have kerberos and if you don't have a suitable public key then keyboard-interactive is used. The
server says it wants a password which is handled via a StringType credential item, not the
Password type. The patch handles that.

A strange thing is that, shouldn't we go straight to password authentication when a password
is supplied?

How is the secure storage ment to be used. AFAIK it doesn't work at all right now. Ok, it seems
to store a password. but it cannot retrieve it.

It seems to me that there is a lot of complex class hierarchies, much of which isn't used
at all. How is this really meant to work?

Some of the bugs reports talk about passphrase, but is that the private key passphrase or
just the password.

Here is a quick list of related issues, some are old:

373947	JGit/JSch never resets the credentials provider if an invalid passphrase is returned
352385	Unable to clone repository via ssh - egit won't give a chance to enter passphrase
339220	Login and password don't get used or stored.
349348	Using Push... to eclipse.org server prompts for password 3 times
349417	Can't finish the Clone Git Repository Dialog if you don't know your secure storage password
352752	Prompted for password more than expected
355442	Egit is prompting for password for secure store even no secure store is set

Related
333127	Can't edit password dialog user name
344987	'Auth cancel' error dialog when password prompt for Fetch is cancelled

?
351106	CVS actions trigger EGIT Pass Phrase pop-up


-- robin