>>
>> These will make all examples that uses maven deploy plugin, cli scripts,
arquillian, jboss tools etc. to somehow
>> either tell users to type in their username and full password in clear text in
pom.xml and other files.
>>
>> Which sounds worse to me than a default locked down to only localhost…but I'm
not a security expert :)
>>
>> I was wondering how hard it would be to make the authentication support key based
auth by default and we make
>> the tools use ${user.name} and ${user.home}/.jboss/default.pub and .priv (or some
other name) for the public/private keys ?
>
> You would need a key-based SASL authentication mechanism. There are no
> standard ones as of right now. If you know of a key-based SASL
> mechanism that you think we should support, let me know and we'll
> evaluate it.
We would have to do noauth + SSL + trust. I think it's an option worth considering.
The big problem though is that we have to have a setup process to generate the certs,
which is greater complexity than the user/pass option. We would have to generate a host
key pair and a client key pair.
I'm not an expert on these things at all but eclipse uses
http://www.jcraft.com/jsch/
to manage and create ssh keys and uses the standard .ssh location's etc.
Is something additional needed ?
/max
http://about.me/maxandersen