[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Make SASL mechanism negotiation smarter

From: Vlad Georgescu <vgeorgescu_at_gmail.com>
Date: 2006-10-11 21:20:26 CEST

On 10/11/06, Malcolm Rowe <malcolm-svn-dev@farside.org.uk> wrote:
> On Wed, Oct 11, 2006 at 09:07:19PM +0300, Vlad Georgescu wrote:
> > - the SASL anonymous plugin doesn't have anything to do with the
> > internal anonymous/cram-md5 auth; it's just a simple implementation of
> > the SASL plugin API; in fact, the old code (located in
> > libsvn_ra_svn/simple_auth.c) isn't even compiled when SASL is
> > detected; both simple_auth.c and sasl_auth.c implement the function
> > svn_ra_svn__do_auth, but in different ways.
> >
>
> Okay. So, sorry if this is a stupid question, but is it therefore not
> possible to compile a SASL-enabled svnserve and point it at a regular
> svnserve password file using svnserve.conf?
>
> That is, SASL takes over the entire authn process, and you either have a
> SASL-enabled server that uses SASL, or a non-SASL-enabled server that
> uses the 'passwd' setting in svnserve.conf?
>

Ah. Sorry if I wasn't clear. When you compile Subversion with SASL
support, it's only the client that uses SASL unconditionally. The
server will still authenticate users as before, unless you set
'use-sasl' to 'true' in svnserve.conf, which will make all
authentication requests go through SASL.

-- 
Vlad
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 11 21:20:45 2006

This is an archived mail posted to the Subversion Dev mailing list.