[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Awful first cut of ra_svn password authentication

From: Sir Woody Hackswell <woody_at_hackswell.com>
Date: 2003-10-17 03:11:31 CEST

On 16 Oct 2003, Ben Collins-Sussman wrote:

> I really like the idea of placing an svnserve password file into a
> repository. I have a couple of ideas about how to proceed...
> One answer: it can't be that hard to make svnserve do a credential
> "pull", can it? It can issue a challenge at the appropriate point in
> the dialogue, rather than doing it at connection time. Make 'svnserve
> -d' accept an initial unauthenticated connection. When the client
> tries to RA->open() a specific repository, check the repository for
> any password file: if present, issue an auth challenge. Or maybe I'm
> just completely ignorant of CRAM standards...? Enlighten me.
> Another variant which you might like better: have 'svnserve' accept
> credentials with the initial connection, but cache them in memory.
> When RA->open() is called, use them against the specific repository's
> password file. If no password file is present, you can still use the
> username as the author of a newly committed revision. Easier than
> using the --believe-username switch.

This would also be a great paradigm if in the server config file we were to
allow/disallow commands to particular users. :) No need to "authenticate"
if the particular action is open. But use the cached credentials if the
config file says you need them. That way you could have anonymous checkout,
but controlled checkin, etc.

-Richard Balint

Loves are found and buried in this virtual realm
Technical revelations and secret passwords
Passed like fine entrees about the ether
While others laugh through their fingers at it all...

Sir.Woody_at_Hackswell.com http://sir.woody.hackswell.com

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Oct 17 03:23:07 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.