blob: 8c6ee4500f057e8a8904b0eedd25482da5d59a48 (
plain)
pushing [[this|todo/httpauth feature parity with passwordauth]] further: would it make sense for users to have a $USER/creditentials page that is by default locked to the user and admins, where the user can state one or more of the below?
- OpenID
- ssh public key (would require an additional mechanism for writing this to a
authorized_keys file with appropriate environment variables or prefix that makes sure the commit is checked against the right user and that the user names agree)
- gpg public key (once there is a mechanism that relies on gpg for authentication))
- https certificate hash (don't know details; afair the creation of such certificates is typically initiated server-side)
- password hash (this is generally considered a valuable secret; is this still true with good hashes and proper salting?)
such a page could have a form as described in [[todo/structured page data]] and could even serve as a way of managing users. --[[chrysn]]
|