Hi Enrico, Enrico Zini wrote: > we have implemented a new experimental single signon for Debian based on > client certificates: > https://lists.debian.org/debian-devel/2015/08/msg00539.html > and while evaluating its accessibility: > https://lists.debian.org/debian-accessibility/2015/08/msg00070.html > it turned out that at the moment no text-based browser supports it. > > Let's fix that.
*sigh* You're working hard on removing all my arguments against mandatory client certificate authentication, right? ;-) > Please find attached a patch that makes links work with client > certificates. Thanks! I would have expected the patch to be much bigger. > With that patch applied, I can do: > > links2 https://contributors.debian.org > (shows login button) > > and: > > links2 -http.client_cert_key enrico.key -http.client_cert_crt enrico.crt > https://contributors.debian.org > (shows me logged in) > > If you want to test it, you can go to > https://sso.debian.org/spkac/enroll_manually/ > to obtain a local key/crt pair for your Debian or Alioth account. Thanks for the detailed instructions. Will use that to test the build binary. I'm though concerned about having obviously unencrypted client-certs + keys lounging around on my hard disk (even with disk-encryption) which give access to quite some Debian infrastructure. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
