Re: Length of passwords for svnserve on HP-UX?

On 1/25/07, Malcolm Rowe <malcolm-svn-dev@farside.org.uk> wrote:
> On Tue, Jan 23, 2007 at 02:25:29AM -0800, mb wrote:
> > is there a maximum length of passwords (probably 8 chars) for svnserve
> > on HP-UX?

> No, there certainly shouldn't be.

There isn't. This is specific to the HP-UX client. Your svnserve
platform doesn't
enter into it.

> > The question arises from the following (in my opinion very strange)
> > scenario:

> > SVN server (svnserve 1.3.1 r19032) on HP-UX machine.

Irrelevant.

> > c) SVN client on HP-UX (command line 1.3.1 r19032)

This is what matters. I assume you downloaded that sucker (lemon drop?) from
http://hpux.connect.org.uk/hppd/hpux/Development/Tools/subversion-1.3.1/
and figured, hey, it's from HP, semi-supported, what could possibly go wrong...?

Yeah, me too. Ended up wiping and recreating the hp build user, and used a
different (and accidentally short enough) password, and resigned myself to a
head scratching "Huh!" with regard to the now-vanished problem. Until I went
and made everyone upgrade to 1.4.x - including all of my build-daemons. In
the process, I had to fix a compile failure on the HP-UX 11.23 (IA-64) version
because to EDG front-end (B.06.12) tripped over a bad hp header file. The
old nagging puzzle turned into an "A-hah!" and, shortly, correctly functioning
builds on both HP-UX 11.11 (PA-RISC) and HP-UX 11.23 (IA-64).

Don't feel too bad about not attributing the culprit here. My team and I have
had a few encounters with massive flaws in HP-UX (OS, libraries, and compilers)
manifesting in production releases of an enterprise-level data
management server.

Eventually you get to the point where you just want to blame everything on
that massive PoS platform, unless the bugs show up on another OS.

> > With an user that uses a password with more than 8 chars the access
> > works with a and b but doesn't work from c. The access fails with NO
> > ERROR message and just asks for another username.

> > After changing the PW to less than 8 chars access worked from all
> > clients.

A-yup, dat's der bunny.

> That's very odd, and there's certainly nothing in the svn protocol that
> has anything to do with password length. Assuming you're not tunnelling
> over another protocol (i.e. svn+ssh), all password authentication is
> done using CRAM-MD5 - and that has nothing at all to do with password
> length.

> A network capture of the traffic between the client and server might
> shed some light, if you're able to provide it.

It would, if it hadn't gotten fsck'd internally by his client.

-- 
Nathan, who wishes he could just drop HP-UX and be done with it...
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org