0

We would like to use gitolite after reading the documentation for the better access management.

We need a special requirement of where users should get prompted for password. I dont know if it is feasible but we require it as there is a chance of pushing their unwanted changes without any prompt. At least user will have a chance of aborting the changes while pushing during password prompt and also have option to abort if he/she is trying to pull some other branch code mistakenly on a current branch.

Abizern
  • 146,289
  • 39
  • 203
  • 257
Srinivas
  • 321
  • 2
  • 5
  • 18

1 Answers1

1

As mentioned in the Gitolite documentation, Gitolite is an authorization layer, not an authentication layer.

See "How do programs like gitolite work?": Gitolite takes advantage of any id that you will pass, either by ssh or http.
For http example, see "git-http-backend returns error 502".

So if you setup:

  • an ssh access with a password-protected private ssh key (and no ssh-agent), or
  • an https access, with authentication required (Require valid-user),

then your users will have to enter a password for each of their git operations (push/pull/clone) interacting with the remotes repos behind your ssh daemon of httpd process.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250