Re: non-interactive user authentication

In a message dated: 07 Oct 2002 14:07:35 CDT
Karl Fogel said:

>There's still the question of how to behave when updating a working
>copy that has auth info which is no longer valid on the server.

In general, wouldn't you expect a failure message stating that the
authentication failed rather than a prompt?

If the auth info on the server is for some reason invalid, then why
would prompting help? For instance, if an htpasswd file got replaced
and the username/password in the script were no longer in it, or the
password changed, isn't it safer to assume that the user in question
is probably not aware of such a change, and therefore, doesn't have
the correct auth tokens to pass?

In this case, the user needs to see the system/repository administrator
to determine what the problem is. Continuing to prompt isn't going
to help anyone.

>Let me expand this to the general problem:
>
>Subversion has some commands that, in some circumstances, can prompt
>the user for information. Any script that runs such commands may need
>a `--non-interactive' option to suppress the prompting, because the
>script can't always control whether or not the prompt-causing
>circumstances will arise.
>
>We can get rid of the option, but only if we also *never* prompt as a
>default fallback behavior.
>
>Do we want that?

I think it's the safer way to go. If the user can't be
authenticated, exit with an error stating that the authentication
failed. At least now they know *something*. Continuing to prompt
just gets them frustrated, since they feel they passed the correct
info the first time.

-- 
Seeya,
Paul
--
	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.
	 If you're not having fun, you're not doing it right!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org