[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)

From: Colin Watson <cjwatson_at_flatline.org.uk>
Date: 2003-01-16 17:32:25 CET

On Thu, Jan 16, 2003 at 08:42:18AM -0800, rbb@rkbloom.net wrote:
> On Thu, 16 Jan 2003, Colin Watson wrote:
> > On Thu, Jan 16, 2003 at 08:18:55AM -0800, rbb@rkbloom.net wrote:
> > > Yes, ra_svn over SSH is exactly what CVS does. ra_dav + SSL
> > > without auth-caching is also perfectly secure. The only remaining
> > > problem (once passwords are moved out of the wc, is that the
> > > default is insecure, and the docs glance over the issue. The
> > > reason that svn-agent came up at all is because people want both
> > > security and auth-caching, which requires something like
> > > svn-agent.
> >
> > If ra_svn is tunnelled over ssh, why can it not consider ssh to have
> > already performed authentication (if indeed it doesn't use this
> > logic already)? If so, ssh-agent is sufficient and indeed
> > preferable; you'll usually need it anyway to stop ssh prompting for
> > authentication.
>
> If you use ra_svn over ssh, ssh does do the authentication. And,
> ssh-agent is required to get passphrase caching.

Right, so then this should be documented in big flashing lights as the
way to get security and auth-caching at the same time. 

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 17:33:19 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.