Greg Hudson wrote:
> Incidentally, I recommend that people using cram-md5 with svnserve
> assign passwords to the users (rather than have the users pick
> passwords), and use credentials-caching on the clients to ease the
> ensuing pain. Then there isn't so much of an issue with the
> administrator being able to easily see the user passwords.
True.
> Certainly, there are environments where this isn't feasible, though.
True again :-).
> So, Subversion should not be directly concerning itself with wire
> protocol security. I picked the current implementation as a stopgap
> because it could be done in very little code and (this is the key point)
> very little user-visible mechanism.
Ah. This would explain why such a "workaround" isn't already in there.
> Your proposal would require adding a new command-line tool to, at the
> very least, hash passwords. I'm not at all happy with adding that much
> user-visible complexity to the stopgap solution. We should integrate a
> SASL library and let it solve the authentication problems for us rather
> than expand our own stopgap solution.
Very true. However, there is little sign of this happening very soon,
unless the SoC student to whom this was assigned breaks radio silence.
If he doesn't by the time the summer is out, SASL in svnserve is on my
todo, but I thought that this proposal was a potentially interesting fix
for the problems users encounter right now. If it is acceptable for
users to cope with such problems for a little longer until someone (me
or another) gets round to integrating a SASL library, then so be it,
proposal binned :-).
- Dave.
Received on Mon Jul 25 03:50:37 2005