Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private registry authentication #2719

Open
wants to merge 3 commits into
base: master
from

Conversation

Projects
None yet
5 participants

jdemilledt added some commits Jul 5, 2019

@KrishnaSannasi

This comment has been minimized.

Copy link

commented Jul 5, 2019

Please add a link to your doc edit: now done

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 6, 2019

The link has been added.

@sfackler

This comment has been minimized.

Copy link
Member

commented Jul 6, 2019

The registry decides whether auth is required to the individual endpoints, so it seems like this configuration should live in the config.json file: https://github.com/rust-lang/crates.io-index/blob/master/config.json

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 6, 2019

@sfackler I did consider that at first, but the registry may require authentication to pull the index. Perhaps a special index is returned that only says use auth and where to get the token?

@sfackler

This comment has been minimized.

Copy link
Member

commented Jul 6, 2019

git authentication is handled totally separately from HTTP authentication with the registry API.

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 6, 2019

@sfackler That's a good point to bring up. I think I'm leaning toward the empty index telling Cargo where to get a token then. That way, Cargo can automatically get the token and store it, using it for subsequent requests to the index and registry.

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 6, 2019

Could someone point me to the location in the codebase where indices are pulled?

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 6, 2019

After some thinking, Cargo shouldn't muck with Git's configuration. The registry should provide the user with instructions on how to fill out the Git authentication requests.

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 7, 2019

I've updated the RFC. Please let me know what you all think.

@gilescope

This comment has been minimized.

Copy link

commented Jul 10, 2019

Is this going to support ntlm auth? (There's a lot of enterprise windows shops out there.)

@jdemilledt

This comment has been minimized.

Copy link
Author

commented Jul 10, 2019

@gilescope Not at the moment. Authentication types are independent from this RFC.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.