
Revamp the authentication system

The current authentication system for transfers is too rigid. It only allows authentication via password, TLS certificates, or SSH public key. This will probably become a problem in the future when we start adding support for protocols which use different authentication methods. Thus, the authentication system should be remade to be more flexible, and to allow adding new authentication methods more easily. This change would also allow us to add support for more authentication methods with the currently supported protocols.

The most obvious solution is to replace the existing certificates table with a more generic authentication table, which associates a target (agent, account...) with an authentication type and an authentication value. This new table would also replace the password column present in the local_accounts & remote_accounts tables. Each target could thus have as many different authentication methods as it needs.
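A sketch of the generic table proposed above, as an added example that is not the project's own code: one row per (target, authentication method), with verification dispatched on the authentication type. The `auth_methods` table, its column names, the type strings, the PBKDF2 password hashing and all function names are assumptions made for illustration; the credentials are constructed sample values.

```python
import hashlib, hmac, os, sqlite3

# Hypothetical schema: the table and column names are assumptions, not the project's.
SCHEMA = """CREATE TABLE auth_methods (
    id          INTEGER PRIMARY KEY,
    target_type TEXT NOT NULL,   -- e.g. 'local_account', 'remote_account', 'agent'
    target_id   INTEGER NOT NULL,
    auth_type   TEXT NOT NULL,   -- e.g. 'password', 'ssh_public_key'
    name        TEXT NOT NULL,
    value       BLOB NOT NULL,
    UNIQUE (target_type, target_id, name))"""
ITERATIONS = 600_000

def hash_password(password: bytes) -> bytes:
    """Return salt || PBKDF2 digest, so the value column never holds a plaintext password."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

def check_password(stored: bytes, presented: bytes) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", presented, stored[:16], ITERATIONS)
    return hmac.compare_digest(stored[16:], digest)

def check_public_key(stored: bytes, presented: bytes) -> bool:
    return hmac.compare_digest(stored, presented)

# One verifier per authentication type; a new method is one more entry here.
VERIFIERS = {"password": check_password, "ssh_public_key": check_public_key}

def add_method(db, target_type, target_id, auth_type, name, value):
    if auth_type not in VERIFIERS:
        raise ValueError(f"unknown authentication type: {auth_type}")
    db.execute("INSERT INTO auth_methods (target_type, target_id, auth_type, name, value)"
               " VALUES (?, ?, ?, ?, ?)", (target_type, target_id, auth_type, name, value))

def authenticate(db, target_type, target_id, auth_type, presented) -> bool:
    verify = VERIFIERS.get(auth_type)
    if verify is None:          # fail closed on types with no registered verifier
        return False
    rows = db.execute("SELECT value FROM auth_methods WHERE target_type = ?"
                      " AND target_id = ? AND auth_type = ?",
                      (target_type, target_id, auth_type)).fetchall()
    return any([verify(stored, presented) for (stored,) in rows])

def demo_db():
    """In-memory database with constructed sample credentials for account 1."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    add_method(db, "local_account", 1, "password", "main", hash_password(b"s3cret-sample"))
    add_method(db, "local_account", 1, "ssh_public_key", "laptop", b"ssh-ed25519 CONSTRUCTED-SAMPLE-KEY")
    return db
```

Because the value column is shared by every method, each verifier has to define its own storage format; here only the password type stores a derived value rather than the credential itself.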
