Philip Martin <philip@codematters.co.uk> writes:
> I'm looking at the interface in svn_auth.h and I don't understand why
> svn_auth_first_credentials and svn_auth_next_credentials don't take an
> some sort of context/realm parameter, something that will identify the
> URL for which credentials are required.
>
> Does the current system ask for credentials without any reference to
> the URL? Is this information supposed to be transferred through the
> run-time hash?
The auth_baton's 'runtime parameter' hash isn't heavily used yet. No
auth provider is looking for a URL at runtime.
wc-provider: looks for a wc-dir/access-baton in the hash
all providers: look for --username, --password, --non-interactive,
--no-auth-cache in the hash.
I'm guessing that someday, the client-certs provider will look for
some kind of specific server-challenge data in the hash.
Furthermore, someday the wc-provider will instead become a
~./subversion/ provider, and data *will* be keyed off of UUID.
> It's not just a problem in the security case above, or for
> TortoiseSVN, it seems to be more fundamental. Consider external
> modules. At present I get prompted for a password on initial
> checkout, as a user I can reasonably guess that I need to supply one
> to match the top level URL I supplied. What then happens if there are
> multiple external modules from other repositories? I get further
> prompts for passwords and I appear to have no way to determine the URL
> for which I have to provide credentials.
Ouch! Good point! At a minimum, our prompt provider needs to know
the exact URL which is issuing the challenge, and tell the user. Wow.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 24 15:27:35 2003