On Mon, Sep 17, 2012 at 07:16:21PM -0600, Wendell Nichols wrote:
> I have many eclipse subversion based projects. I work on them as
> needed. the probelm is that if I open a project that I haven't
> accessed in some time and the cached svn password is old (and
> therefore wrong) by the time I notice it has tried three times (or
> more) under the covers to login and AD revokes my userid. If I'm
> working when the helpdesk is not manned, I'm screwed till the next
> day!
That's a trade-off between usability and security. It seems they're
being a bit too aggressive with revoking accounts used for SVN access.
If your password isn't ridiculously short, more than 3 attempts
could be allowed before it's likely to be cracked.
> I would like to have a setting that restricts auth errors to one
> attempt before notifying me. That includes, for instance, opening
> three old projects at once.
As a workaround, I'd recommend clearing the password cache before
opening old projects. See here for more information about where
passwords are cached and how to remove them:
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.netmodel.html#svn.serverconfig.netmodel.creds
Subversion 1.8 will ship with an in-memory password cache, based on
the "gpg-agent", which would prevent outdated passwords from being
used by design because the cache is cleared at regular intervals.
In its current implementation this option will only be available on
UNIX-like systems since it uses UNIX domain sockets to talk to the
gpg-agent. Someone would need to add the necessary Windows socket
support to make it run on Windows, too.
Received on 2012-09-18 09:45:25 CEST