On Sun, 2003-09-14 at 21:06, Garrett Rooney wrote:
> Greg Hudson wrote:
> > (Now that I'm thinking about this, I think if mecharg is NULL, we should
> > issue a challenge for a token, rather than behave as if the mecharg were
> > the empty string. But there's no need to worry about that just now.)
>
> I assume you mean only in the case where the server is running with -u,
> right?
No, all the time. The ANONYMOUS mechanism includes one token sent from
the client to the server (possibly the empty string); if the client
doesn't send that token as a mechanism argument, then the mechanism has
not completed and, per RFC 2222 section 5.1, the server should issue a
challenge with no data.
> Otherwise we'd have a backwards compatability problem.
No backwards compatibility problem; the client always sends a mechanism
argument (possibly the empty string). And if someone were to write
their own client implementation for some reason, they should also use
the mechanism argument. So this is a very theoretical issue; thus the
"no need to worry about that just now."
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 15 07:10:21 2003