From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: "lilinchao@oschina.cn" <lilinchao@oschina.cn>
Cc: Derrick Stolee <stolee@gmail.com>, git <git@vger.kernel.org>,
Jeff King <peff@peff.net>, mjcheetham <mjcheetham@github.com>
Subject: Re: Re: [QUESTION]Is it possible that git would support two-factor authentication?
Date: Sun, 15 Aug 2021 00:02:48 +0200 (CEST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2108150001480.59@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <0d301aeafc0b11ebb27d0024e87935e7@oschina.cn>
[-- Attachment #1: Type: text/plain, Size: 1463 bytes --]
Hi,
On Fri, 13 Aug 2021, lilinchao@oschina.cn wrote:
> >On 8/11/2021 7:00 AM, lilinchao@oschina.cn wrote:
> >> Many websites support two-factor authentication(2FA) to log in, like Github, I wander if we can support it in application layer.
> >> When client clone something, they need input username and password, it is like a website login process. For security, we can
> >> enable 2FA during this process.
> >
> >Typically, this is handled at the credential helper layer, which
> >is a tool outside of the Git codebase that can more closely work
> >with such 2FA/MFA requirements. For example, GCM Core [1] supports
> >2FA with GitHub, Azure DevOps, and BitBucket.
> >
> >[1] https://github.com/microsoft/Git-Credential-Manager-Core
> >
> >The mechanism is that Git attempts an operation and gets an error
> >code, so it asks for a credential from the helper. The helper
> >then communicates with the server to do whatever authentication
> >is required, including possibly performing multi-factor auth.
> >All of these details are hidden from Git, which is good.
> >
> Indeed, this is good, I've experienced this tool these days at WSL and Windows,
> but finally I hope these features can be supported by Git itself, and then the user end can easily configure it.
The problem here is that 2FA is highly provider-specific. And that's why
Git itself refuses to implement it. Hence the credential helper layer.
Ciao,
Johannes
next prev parent reply other threads:[~2021-08-14 22:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-11 11:00 [QUESTION]Is it possible that git would support two-factor authentication? lilinchao
2021-08-11 13:50 ` Konstantin Ryabitsev
2021-08-11 15:23 ` Theodore Ts'o
2021-08-13 22:56 ` brian m. carlson
2021-08-11 13:54 ` Derrick Stolee
[not found] ` <9b199de2faab11eba548a4badb2c2b1195555@gmail.com>
2021-08-13 7:49 ` lilinchao
2021-08-14 22:02 ` Johannes Schindelin [this message]
[not found] ` <BEBB4A79-9773-4701-A8C5-06C20AB42686@github.com>
[not found] ` <1F2C610F-8800-466A-A0CA-7A6068A14805@github.com>
[not found] ` <D8CFA50F-266A-4995-8058-D29A2D490D5F@github.com>
2021-08-17 10:19 ` Matthew Cheetham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2108150001480.59@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=lilinchao@oschina.cn \
--cc=mjcheetham@github.com \
--cc=peff@peff.net \
--cc=stolee@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.