On 16 Oct 2003, Ben Collins-Sussman wrote:
> I really like the idea of placing an svnserve password file into a
> repository. I have a couple of ideas about how to proceed...
>
> One answer: it can't be that hard to make svnserve do a credential
> "pull", can it? It can issue a challenge at the appropriate point in
> the dialogue, rather than doing it at connection time. Make 'svnserve
> -d' accept an initial unauthenticated connection. When the client
> tries to RA->open() a specific repository, check the repository for
> any password file: if present, issue an auth challenge. Or maybe I'm
> just completely ignorant of CRAM standards...? Enlighten me.
>
> Another variant which you might like better: have 'svnserve' accept
> credentials with the initial connection, but cache them in memory.
> When RA->open() is called, use them against the specific repository's
> password file. If no password file is present, you can still use the
> username as the author of a newly committed revision. Easier than
> using the --believe-username switch.
This would also be a great paradigm if in the server config file we were to
allow/disallow commands to particular users. :) No need to "authenticate"
if the particular action is open. But use the cached credentials if the
config file says you need them. That way you could have anonymous checkout,
but controlled checkin, etc.
-Richard Balint
-----
Loves are found and buried in this virtual realm
Technical revelations and secret passwords
Passed like fine entrees about the ether
While others laugh through their fingers at it all...
Sir.Woody_at_Hackswell.com http://sir.woody.hackswell.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Oct 17 03:23:07 2003