[RFE] ~/.netrc support

[gandrille]

For authentication, would it be possible to add ~/.netrc support for providing credentials? This feature is used a lot by FTP command line tools. PS: thanks so much davix (I use it for WebDAV access)!

[gandrille]

For the command line tools, of course.

[gbitzes]

Hi,

I had a look at .netrc, it seems you can only specify a username and password in there. It would not be appropriate for davix, as it supports more authentication methods apart from simple username/password: x509 certificates, S3, Azure..

I think I will add ~/.davixrc, similar to .netrc in syntax but with support for the additional authentication methods. What do you think?

[adevress]

Hi georgios,

If my opinion matter, It would be awesome to have both I think. netrc for compat and something like davixrc for exotic auth method.

Nowadays, a lot of service can now generate temporary service password which are safe to store in ~/.netrc.
I dont like clear text password more than you ~/.netrc is supported by almost all network tools including curl, wget, git and cadaver, that would be nice is davix support it too. :)

Cheers, Adrien

[gbitzes]

Sure, we could first check ~/.davixrc, and if no hosts in there match, then check ~/.netrc. Since the file format will be the same in both, no need to write two different parsers.

Some people have started using gpg-encrypted .netrc files.. :-)

[gandrille]

Hi All, I fully agree with all of your comments. Thanks a lot for listening to rfe! Kind regards, Etienne

[gbitzes]

Hi,

The feature has been implemented and can be found in the devel branch. Please test, and try to break my terrible parser. :) Let me know especially in case it misbehaves with existing .netrc files. It always gives priority to .davixrc over .netrc.

• It supports quoting of parameters, for example this will work: password "evil password with spaces"
• You can escape quotes inside quotes, for example: password "super evil password with \" quote"
• Single quotes as well as double quotes are suppoted, you only need to escape the type of quote you're using, like in python. "valid' ", ' examples\' ', 'of"', "quoted strings\""
• You can specify machine-specific as well as path-specific options, like git's implementation of netrc does. Example: settings under "machine host path /atlas" will apply only if your url's path starts with "/atlas". So you could specify per-VO certificates.
• It understands the following directives: machine, default, path, login, password, cert, key, capath, s3accesskey, s3secretkey, s3region, s3alternate, s3token, azurekey. Did I forget anything?
• macdef blocks are ignored.

Even though I usually prefer strict error checking, in this case any directives not understood are deliberately ignored, to minimize the risk of creating incompatibilities with other tools using their own custom directives.

Cheers