
RE: svnserve password store in clear text

From: Ng, Wey Han <weyhan.ng_at_atosorigin.com>
Date: 2004-06-08 09:32:12 CEST

> -----Original Message-----
> From: Mark Phippard [mailto:MarkP@softlanding.com]
> Sent: Monday, June 07, 2004 9:40 PM
>
> Why don't you post some more information about what you are
> doing and the problems?
>
> What version of Apache? Ideally, you should use 2.0.49, but
> it has to be at least 2.0.48 (I believe). If the browsing
> works from a web browser, that would imply you are set up
> correctly. What Subversion commands are you running that fail?

I am the type of person who likes to figure it out myself before asking.
That's why I just mentioned I have a problem but did not ask for help. Besides,
this is not the forum to ask for help of this kind. If I am really stuck I
would rather start a new thread in the user list just to be proper. :)

On the other hand, I would like to report that my error was due to user
error. :O I forgot that in order for Apache to know I am accessing the
repository, I need to add another level in the URI which I have set in the
httpd.conf file (i.e. the '/repos'). So I have actually got that working
already. Thanks for the offer anyway.

> That is why Apache should be easier, you do not need ssh or anything
> special on the client. SSL is built into your Apache server and the
> Subversion clients. Of course you only need SSL if you want to
> encrypt the traffic on your LAN anyway, not sure you have ever said
> you need that kind of security. By the way, you do realize that when
> using SSL, the URL is https:// not http+ssl://?

Nope, I don't need that kind of security. In fact I am happy with an
encrypted password file plus password sent over the LAN in clear text.
Besides, managing SSL with Apache looks like a very involved admin task. But
what do I know. Apache is still pretty much a black box to me.

> I did not have anything specific in mind, I just meant that
> there are a lot of options available for Apache. I was
> thinking LDAP, but you have already said that you are not
> allowed to do that.

Yup. No go there.

> I think a while back someone posted a
> link to a fairly nice CGI based system for managing users
> and password using the basic Apache system. This would just
> be one less piece to write yourself.

Humm... any tips on how to find that posting? I have tried but could not
find the post. That will be a great time saver for me.

> I guess I see what you are saying here, but also I think it
> is clear that this web based interface is something you would
> have to write yourself and would not make sense as part of
> svnserve since its point is to not have an HTTP server in
> the first place.

I never feel that svnserve should come with an HTTP component to manage the
password. What I have in mind is that svnserve comes with a small tool
similar to htpasswd from Apache, and if a user requires a web interface to use
that tool to manage the svnserve conf file, the user should be providing it
because there could be too many different requirements in terms of managing
user files.

> If your web based interface updated the
> svnserve conf file and hashed the passwords, I guess it would
> be nice if svnserve could use those hashed passwords. But
> there is a tough problem to solve inherent in this:
>
> 1) svnserve cannot require an HTTP interface (or any other
> UI) to manage its config files. That defeats the whole
> point of svnserve.

Really, I don't think we need to go that far so as to support hashed passwords
in user files.

> 2) Without an HTTP interface, there is little value in a
> hashed password solution

Though it will not work in my situation, others might choose to have user
accounts on the server and require users to log in to the server to run
command line tools like htpasswd to manage their own password. Making
svnserve use hashed passwords does not necessarily need an HTTP interface
for managing user accounts. Better yet, if the whole hashed password and
password management is written as APIs, there can be third party GUI clients
to manage passwords. :) Just a thought.

> Good luck. I think if you post some more info, we can get
> your Apache working.

Thanks again. Now that I just might drop svnserve altogether, I might just
miss the "somewhat faster" speed. :)

Regards,

Han.

----
Ng, Wey-Han
Atos Origin
Received on Tue Jun 8 09:37:13 2004

This is an archived mail posted to the Subversion Dev mailing list.
