[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve SASL documentation?

From: Vlad Georgescu <vgeorgescu_at_gmail.com>
Date: 2007-04-10 23:46:00 CEST

Eric Gillespie wrote:
> Vlad Georgescu <vgeorgescu@gmail.com> writes:
>
>> saslauthd expects plaintext passwords, which means the passwords must
>> travel over the wire in plaintext. This would be only be OK if we
>> supported SSL, which we currently don't, so plaintext mechanisms are
>> currently disabled. I could enable them again, if people think that's a
>> good idea.
>
> No, i don't think that's a good idea. I thought we had SSL
> support. What does the "encryption" refer to in these min and
> max encryption directives i edited in svnserve.conf?

SASL can also provide encryption (for certain mechanisms), but it is
activated after the authentication exchange, so it can't protect the
passwords.

>
> What would it take to get SSL support?
>

Some work :). There is already working code in the svnserve-ssl branch,
which I've adapted to work with current trunk/. I've got that code
sitting in a working copy. I suppose I could rebranch svnserve-ssl,
commit what I have now, and work from there.

We also need to have a design discussion about how to extend the ra_svn
protocol to support/negotiate SSL. I _think_ I've got this figured out,
but I need to submit a proposal to the list.

-- 
Vlad
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 10 23:46:16 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.