Re: Feature Request: clients shouldn't store auth-creds

Robert wrote:

> Hello.
> Would you please set store-auth-creds to no and uncomment that key
> please in ~.subversion/config.

I'd recommend setting store-passwords to no instead of store-auth-creds,
because setting store-auth-creds to no also disables Subversion's
ability to remember user names and to permanently trust server certificates.

> I have a DMZ with Web Server on which I work with svn for the web
> pages and today decided to enforce digest auth in apache.conf. But for
> other users (the clients) in a corporate network it is very confusing.
> Since those people normally are no admins it doesn't make sense.
>
> And it took me hours to change every working copy and the config on
> all my accounts. On the other side enabling caching would be much faster.

I don't understand what you are saying here. Why did you have to change
the working copies?

> In my opinion, security has to be enabled by default, if the password
> dialog is annoying for some user, he should decide on his own.

If you need that level of security and you cannot trust your users to
not cache the passwords, you can use client certificates instead. Client
certificate passwords are never cached by Subversion.

/Tobias

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 27 23:31:06 2004