svn_auth (was: Not storing passwords in the filesystem)

On Sun, Jun 23, 2002 at 01:09:18AM -0700, Justin Erenkrantz wrote:
> On Sat, Jun 22, 2002 at 05:29:58PM -0700, Greg Stein wrote:
> > Also note that this will get all monkeyed about when I put together the
> > svn_auth library.
>
> Out of curiosity, what will the svn_auth library handle? -- justin

A cleaner framework for implementing new authentication mechanisms, and for
extending how credential information is gathered.

Right now, there aren't very clear lines between the cmdline, the client
lib, the working copy, and RA. It is kind of a hodge podge, with RA defining
the auth structures. Introducing new controls (e.g. "don't save my
password") is rather difficult to wedge into the system.

The new structure provides:

* RA has a simple iteration mechanism to fetch credentials for trail

* libsvn_client can organize the client providers and the WC for proper
  ordering of behaviors

* the cmdline client (or other client apps) can flexibly define different
  mechanisms for retrieving credentials (for eventual delivery to the RA
  iteration process)

* the WC remains "ignorant", yet it can participate in caching info

The kinds of credentials is also relatively extensible. The RA code can
simply ask for a new credential kind, and (if the providers exit) get the
resulting creds. For example, we can now patch ra_dav to ask for certs, and
different clients can provide code for fetching that information (out of a
Windows secure storage, grabbing them from ~/.subversion, or even some other
local store).

I guess the summary would be that we're mostly adding a solid framework,
rather than introducing a lot of new functionality.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org