[tahoe-dev] 2-factor and/or Kerberos authentication?

Zooko O'Whielacronx zookog at gmail.com
Wed Apr 22 11:35:01 UTC 2009


On Tue, Apr 21, 2009 at 4:49 PM, Troy Benjegerdes <hozer at hozed.org> wrote:
> Has anyone thought much about two-factor authentication, or integration
> with Kerberos?

I don't think I have any use for that right now.  Perhaps someone else does.

For what it is worth, Tahoe separates authorization from
authentication, and the Tahoe core concerns only authorization.  For
example, there is a write-cap to my blog.  This write-cap is embedded
into a URL (which begins with "http://127.0.0.1"), and the URL is
stored in my bookmarks in Safari and Firefox on my Mac laptop.  The
capability contains all of the crypto information necessary and
sufficient to encrypt and sign new blog entries, so possession of the
capability is the only requirement for being able to update my blog.

Therefore, the only authentication that comes into play at all when
I'm updating my blog is the Mac laptop login authentication.

Now, allmydata.com has open-sourced a JavaScript UI for Tahoe which
includes a normal login with name/password.  So there's an example of
someone who might be interested in two-factor authentication or
Kerberos.  :-)

Regards,

Zooko



More information about the tahoe-dev mailing list