Re: svnserve SASL documentation?

From: Vlad Georgescu <vgeorgescu_at_gmail.com>
Date: 2007-04-10 23:46:00 CEST

Eric Gillespie wrote:
> Vlad Georgescu <vgeorgescu@gmail.com> writes:
>
>> saslauthd expects plaintext passwords, which means the passwords must
>> travel over the wire in plaintext. This would be only be OK if we
>> supported SSL, which we currently don't, so plaintext mechanisms are
>> currently disabled. I could enable them again, if people think that's a
>> good idea.
>
> No, i don't think that's a good idea. I thought we had SSL
> support. What does the "encryption" refer to in these min and
> max encryption directives i edited in svnserve.conf?

SASL can also provide encryption (for certain mechanisms), but it is
activated after the authentication exchange, so it can't protect the
passwords.

>
> What would it take to get SSL support?
>

Some work :). There is already working code in the svnserve-ssl branch,
which I've adapted to work with current trunk/. I've got that code
sitting in a working copy. I suppose I could rebranch svnserve-ssl,
commit what I have now, and work from there.

We also need to have a design discussion about how to extend the ra_svn
protocol to support/negotiate SSL. I _think_ I've got this figured out,
but I need to submit a proposal to the list.

-- 
Vlad
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Apr 10 23:46:16 2007

This message: [ Message body ]
Next message: Malcolm Rowe: "Re: [PATCH] Re: Is mod_dav_svn safe for use in a threaded MPM?"
Previous message: Eric Gillespie: "Re: svnserve SASL documentation?"
In reply to: Eric Gillespie: "Re: svnserve SASL documentation?"
Next in thread: Malcolm Rowe: "Re: svnserve SASL documentation?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]