Re: svn client doesn't ask for username and password with http ra_dav

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2003-09-25 02:00:29 CEST

Jack Repenning <jrepenning@collab.net> writes:

> Someone else recently asked 'why does it cache login failures,' with
> similar error indications.
>
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=45726
> "Removing cached authentication tokens "
>
> If that's the same problem: there are hints there about cleaning up
> the situation once it develops, but no insight into how it arose.

Yeah, it's a mystery, because if you look at the code,

   1. failed credentials should never be cached. bad credentials
       cause neon to re-ask for them, which causes the svn auth system
       to re-prompt. Eventually the svn auth system gives up on
       re-prompting and just throws an error back to neon, which means
       neon throws an error, which means the client dies. There's no
       opportunity to save them to disk.

   2. if password changes on the server, the credentials on disk are
       bogus. but this just causes the auth system to revert to
       prompting.

We still seem to have no reproduction recipe for this bug...

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Sep 25 02:02:02 2003

This message: [ Message body ]
Next message: D.J. Heap: "Re: The .svn directory name causing trouble"
Previous message: Jack Repenning: "Re: svn client doesn't ask for username and password with http ra_dav"
In reply to: Jack Repenning: "Re: svn client doesn't ask for username and password with http ra_dav"
Next in thread: Files: "Re: svn client doesn't ask for username and password with http ra_dav"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]