[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortoiseSVN 1.3.0 RC2 Clear Authentication error

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: 2006-01-11 22:54:33 CET

Molle Bestefich wrote:

>> You end up getting a 401 error and no prompt for user/pass.
>
> Sounds bad!
> What's the reason for the lack of a password prompt?
> Should be a no-brainer to prompt for a password when given a 401..

You have to differ between authentication and authorization.

The username/password or SSPI (single-sign-on) is for authentication
only. But then, if the authenticated user (e.g. the user "guest")
doesn't have the authorization to access a specific directory in the
repository, the whole operation fails.
It's the same as if you would enter a username/password for a user who
only has read access to a repository while you're trying to commit.

And since the authorization is done in neon, but the authentication
later is done on the server (apache), you can't just prompt for
username/password - because the operation already failed.

btw: this has nothing to do with SSPI, it also happens with basic auth.
* Set up a user with read-only access
* try a commit
* enter username/password of the readonly user
* operation fails

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Wed Jan 11 22:56:41 2006

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.